After completing a successful penetration testing engagement, you are required to perform data destruction to ensure no residual data from the test remains on the client's systems or your own equipment. Which of the following methods is the most appropriate for securely eradicating files containing sensitive information collected during the testing?
Encrypt the data on the drives without overwriting the original files.
Format the drives on which sensitive data is stored.
Use an approved overwrite utility to perform a secure wipe of storage devices.
Delete the files and then empty the recycle bin or trash folder on all devices used.
Securely wiping the storage device with an approved overwrite utility overwrites the data with random data, making it extremely difficult, if not impossible, to recover the original. Simple deletion or formatting of a drive does not erase the data; it only removes the file system's pointers to it, so the data can easily be recovered using file recovery software. Encrypting existing data without overwriting the original files does not prevent recovery either, because the raw data still exists unaltered on the storage medium.