Erasing Devices Securely with Active@ KillDisk

Active@ KillDisk can completely and securely destroy all data on hard drives, removable disks, and flash media devices, without the possibility of future recovery. U-M has a license for its use by faculty, staff, and departments for U-M owned computers on all U-M campuses, including Michigan Medicine. This document provides instructions for downloading, installing, registering, and using the U-M licensed copy of Active@ KillDisk. This copy may be used at no cost for an unlimited number of uses on U-M owned devices.

A freeware version of Active@ KillDisk is available for use on personally owned devices.

Use of KillDisk following these instructions will satisfactorily prepare devices for resale or disposal by U-M Property Disposition, and complies with university policies and standards for securely disposing of data and devices. See Securely Dispose of U-M Data and Devices for more information on securely disposing of data and devices, including other device types. This process can be used on computers running various operating systems (Mac, Windows, Unix/Linux), and most device types (Mac and Windows PC devices, USB and external drives), and also meets the Information Assurance requirements for erasing solid state drives (SSDs).

Important! To avoid charges when devices or storage media are turned over to Property Disposition for disposal or resale, you must erase your device using @Active KillDisk by following the instructions below. This must include using the fingerprint option, and/or generating a Certificate of Destruction to be attached to the device as verification that KillDisk was run on that device.

Download and Install

Follow these instructions using a Windows computer with Intel Pentium or higher, 1 GB of RAM, Video VGA resolution 800 x 600 or better, and Windows 7 or higher. A bootable USB drive, 1GB or larger in size is recommended for creating boot media. The bootable medium you create in this process can be used on all devices, regardless of operating system of the device being erased.

  1. Download the U-M licensed version of Active@ Killdisk from the U-M DropBox location.
  2. Run the KillDisk-Ultimate-Setup.exe file downloaded from the U-M DropBox folder.
  3. Click Next on the initial Welcome and Setup Wizard screens.
  4. Select I accept the agreement to agree to the licensing terms, and click Next.
  5. Click Next to accept the default install location (the Program Files directory) or define a custom install location if needed.
  6. Uncheck the Launch Universal Boot Disk Creator when the install process ends.
  7. Click Finish.

Register on First Use

You must register Active@ KillDisk before first use.

  1. Click Registration.
  2. Using the information downloaded from the U-M DropBox location, copy and paste your registration information and the registration key into the registration form.
  3. Click OK to verify registration information, and store this information locally so you will not need to enter it the next time you launch the application.

Check for Updates Before Using

The Active@ Killdisk program will need to be updated periodically to make sure you are using the current version. Run the check below before use to be sure your copy is up to date.

  1. Launch the Active@ KillDisk program.
  2. Click the Help menu, and select Check for updates.
  3. A window will open indicating the status and current version of Active@ KillDisk.
    screenshot of kill disk update screen
  4. Click Cancel if an update is not needed, or click Update if an update is needed. If an update is needed, KillDisk will download and install it, then close automatically when finished.

Prepare Bootable Media

You will need to prepare a bootable device in order to erase a complete drive on a machine where the drive is installed internally. We recommend that you use a USB device, 1GB or larger in size. You can select other bootable media if needed, including a CD/DVD/Blu-ray disk, a USB Flash Drive, or an ISO Image file to be burned later. Active@ KillDisk also offers the ability to erase an external hard drive, as well as specific partitions and empty space on a drive.

To prepare a bootable device:

  1. Run Bootable Disk Creator from the Windows Start menu. The Active@ Boot Disk Creator main page appears.
  2. Select the USB drive you wish to use on the Active@ Boot Disk Creator main page. If your USB is not displayed in a combo-box, you may need to initialize it.
  3. Click Next.
  4. Select the target platform for booting up: Windows, Linux GUI, Linux Console or DOS.

Erase a Hard Drive

  1. Boot the computer you will be erasing using the bootable USB drive you created, and open Active@ Killdisk.
  2. Select the appropriate drive and partitions you would like to erase, most likely fixed Disk0 for a computer's internal hard drive. Click Erase Disk.
    Important! Pay close attention to selecting the disk to be erased. Do not proceed until you are sure the selected disk is the one you want to erase.

    Screenshot of kill disk license screen showing it is licensed to U-M.
  3. Double check your selection in the Erase Disk pop up window. If correct, proceed to step 4, if incorrect, change the selections.
    Screenshot reminding you to double check your drive selection before erasing a drive.
     
  4. Select NIST 800-88 (1 pass random) in the Erase Method pane of the Kill pop up window.
    Notes:
    • This meets U-M Information Assurance criteria for secure erasure of data classified up to Restricted.
    • If you have a contractual requirement to perform more passes, select a different method as appropriate.
    Screenshot of selecting method of erasing. NIST 800 1 pass is recommended unless you are required to use another method.
  5. Leave the verification selection at 10%.
  6. Check the Initialize disk(s) after erase box.
  7. Check the box Write Fingerprint to first sector.
    Note:Choosing this option writes an acknowledgement to the disk upon completion of KillDisk stating that Active@ Killdisk has successfully erased the disk. This option meets the requirements of U-M Property Disposition to avoid sanitization fees for the disposal of digital media.
    Screenshot showing checked boxes for options described in step above.
  8. Killdisk automatically saves a PDF copy of the Certificate of Destruction to the USB drive to “(USB drive letter) :\Windows\System32\config\systemprofile\certificates”.
    To change the save location of the PDF file, select the Erase Certificate from the left menu. From here, change the file path listed in the “Save certificate as PDF to location” box (or click on the button to the right of the text box select the directory location).
    Screenshot showing the default save location for the certificate of destruction Kill Disk creates.
  9. Click Start.
  10. Confirm action by typing ERASE-ALL-DATA in the Confirm Action window. Click OK.
    Screenshot of box where you need to type in ERASE-ALL-DATA to confirm erasing.

Save the Certificate of Destruction (C.O.D)

Once the sanitization process has completed, Active@ KillDisk will produce a certificate containing the date, information about the disk, a sanitization status of pass or fail, and a verification status.

The process should have already saved a copy of the COD to
(USB drive letter):\Windows\System32\config\systemprofile\certificates”. To save another copy to the same, or different location:

  1. From the erasure completion page pop up window, click on the Print button.
    Screenshot of the window when erasing is complete which shows the print button for printing the certificate.
  2. This will bring up a print preview window of the PDF to be saved. From here click on the print button. This will then allow you to select the location to save the copy of the COD.
  3. Before the save button can be used, a file name will need to be provided. Choose a filename that makes sense for you, such as the workstation name or asset tag number and the date. Then click Save.

A copy of the C.O.D must be provided along with Declaration of Surplus form and provided to U-M Property Disposition for resale or disposal. Property Disposition prefers electronic versions of both documents. You should also retain a copy of the certificate for your records. Some regulations and contractual agreements may require you to have this certificate to prove compliance.

Tags: 
Security
Last Updated: 
Friday, December 4, 2020