The IT Law Wiki


An overwrite procedure is

a process that removes or destroys data recorded on a computer storage medium by writing patterns of data over, or on top of, the data stored on the medium.[1]
[a] software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns.[2]
simply means to write patterns of non-sensitive data (usually, simply binary ones and zeros) over the existing data.[3]

An overwrite procedure is "[a] stimulation to change the state of a bit followed by a known pattern."[4]

Data security[]

"There are overwriting software or hardware products to overwrite storage space on media with non-sensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., the file allocation table) but also may include all addressable locations. The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for media that are damaged or not writeable. The media type and size may also influence whether overwriting is a suitable sanitization method."[5]

"The method and complexity of the overwriting required may vary depending on the sensitivity of the original data, Typically, this variation takes the form of multiple iterations (or passes) of overwriting, and variations in the patterns of ones and zeros used."[6]