File Destruction Manager is a software solution that allows you to secure your information and data disposal activities.
File Destruction Manager is a software module of the CRYPTHOR cybersecurity system, designed to solve the pain points of device sanitization and data destruction processes. File Destruction Manager utilizes post-quantum hybrid cryptographic methods for random configuration of basic crypto primitives, which allows the achievement of complete device wiping and zero information risk.
FDM utilizes the data destruction technique, a software approach that writes a set of random bytes to each free sector of a disk used to store sensitive to critical information.
The data deletion approach ensures that the possibility of recovering deleted data with specialized software or hardware means and approaches is equal to zero. Data destruction is a very reliable form of device (drive) sanitization and wiping, as it confirms that 100% of the data is replaced at the lowest possible level (byte level).
FDM has one more feature: random data encryption. Random data encryption is a hybrid cryptographic method that uses a random configuration of basic crypto primitives. In this process a secret key is generated with a randomly selected key derivation function (KDF), and the key is destroyed once the process is complete.
Random encryption is a fast and very efficient method for hybrid sanitization of storage devices, which makes it a great option for sanitization and wiping of “frequently used” devices such as flash drives, removable drives, portable HDDs, etc., or devices that contain sensitive to critical information.
The encryption technology that FDM utilizes is hardware independent and works on most common operating systems.
File Destruction Manager is characterized by completely automated processes that exclude any possibility of human intervention, which reduces to zero the possibility of human error.
In summary, some pros and cons of device sanitization and data destruction:
Pros:
- No need for physical destruction;
- No third-party involvement;
- Ability for “device recycling” – the device can be sold or used again in the company/organization infrastructure;
Cons:
- Time-consuming process;
- Needs administrative privileges;
- Access restrictions during the sanitization and wiping process;
Where and when should I use FDM:
The process of deleting a file only removes the entry of the file (a pointer) from the file index in the file system. Thus, the actual data remains on the processed drive and can be easily recovered and restored with the help of specialized data recovery tools.
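The difference between an ordinary delete and overwriting free sectors with random bytes can be checked on a toy model. The following is an added example, not FDM code: `ToyDisk`, the 16-byte sector size and the sample file contents are assumptions constructed for illustration.

```python
import os

SECTOR = 16  # toy sector size (assumption; real disks use 512 or 4096 bytes)

class ToyDisk:  # constructed model: raw byte array plus a name -> sectors index
    def __init__(self, sectors=8):
        self.raw = bytearray(sectors * SECTOR)
        self.index = {}

    def free_sectors(self):
        used = {s for secs in self.index.values() for s in secs}
        return [s for s in range(len(self.raw) // SECTOR) if s not in used]

    def write(self, name, data):
        need = -(-len(data) // SECTOR)  # ceiling division
        secs = self.free_sectors()[:need]
        if len(secs) < need:
            raise OSError("toy disk full")
        for i, s in enumerate(secs):
            chunk = data[i * SECTOR:(i + 1) * SECTOR].ljust(SECTOR, b"\0")
            self.raw[s * SECTOR:(s + 1) * SECTOR] = chunk
        self.index[name] = secs

    def delete(self, name):
        # Ordinary delete: only the index entry (the pointer) goes away.
        del self.index[name]

    def wipe_free(self, rng=os.urandom):
        # Overwrite every sector not referenced by the index with random bytes.
        for s in self.free_sectors():
            self.raw[s * SECTOR:(s + 1) * SECTOR] = rng(SECTOR)

def recoverable(disk, needle):
    """What a recovery tool does in this model: scan raw sectors, ignore the index."""
    return needle in bytes(disk.raw)

def demo():
    disk = ToyDisk()
    secret = b"PIN=4921"  # constructed sample data
    disk.write("keep.txt", b"public notes")
    disk.write("secret.txt", secret)
    disk.delete("secret.txt")
    after_delete = recoverable(disk, secret)   # data still sits in a free sector
    disk.wipe_free()
    after_wipe = recoverable(disk, secret)     # free sectors now hold random bytes
    return after_delete, after_wipe, recoverable(disk, b"public notes")

if __name__ == "__main__":
    print(demo())
```

Scanning the raw sectors after the wipe, as `recoverable` does here, is the verification step: the deleted content must be gone while files still in the index stay intact.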
According to the latest security standards and requirements, before a storage device is disposed of or removed from the organization's IT infrastructure, it must be sanitized and all available data on it should be destroyed, i.e. the device must be wiped.
FDM is designed to utilize some of the most efficient and reliable standard digital data erasure algorithms used by government organizations and corporate structures, as well as hybrid solutions that are less popular to the public.
One of the main advantages of FDM is the function that allows automatic generation of control reports. This function makes the application mandatory when you consider developing cybersecurity systems that comply with the requirements of ISO/IEC 27001 and ISO/IEC 27002.
The application’s hybrid functions are backed by algorithms proven in practice that are described in NIST SP 800-88 and NIST SP 800-90A, which include Hash DRBG (hash function based), HMAC DRBG (HMAC based), and CTR DRBG (based on block ciphers in counter mode), as well as some specific solutions used in the BS 1443 technology.
Technology and Solutions:
The proper choice of algorithms and software technologies for the processes of digital data destruction, device sanitization and wiping allows the achievement of the lowest possible levels of information risk, and guarantees the application’s efficiency and reliability.
CRYPTHOR File Destruction Manager utilizes the following non-exhaustive list of algorithms and technologies:
Included standard algorithms:
- NIST Special Publication 800-88;
- NIST Special Publication 800-90A;
- NIST Special Publication 800-90B;
- U.S. Department of Defense DoD 5220.22-M (ECE);
- U.S. Department of Defense DoD 5220.22-M (E);
- U.S. Department of Defense DoD 5220.28-M – STD;
- U.S. Army AR 380-19;
- U.S. Air Force AFSSI-5020;
- Canadian RCMP TSSIT OPS-II;
- British HMG IS5;
- Peter Gutmann;
- Russian Standard – GOST-R-50739-95;
Included special algorithms:
- BS Standard Destroyer – Hybrid;
- BS Ultra Destroyer – Hybrid;