The AR 380-19 data sanitization method is usually implemented in the following way:
- Pass 1: Writes a random character
- Pass 2: Writes a specified character (e.g. zero)
- Pass 3: Writes the complement of the specified character (i.e. one) and verifies the write
The AR 380-19 data sanitization method is sometimes used incorrectly by data destruction programs so you might see it implemented without a verification of the final pass or without a third pass at all.
Erasing a hard drive using the AR 380-19 data sanitization method will prevent all software based file recovery methods from lifting information from the drive and is also likely to prevent most hardware based recovery methods from extracting information.
The AR 380-19 sanitization method was originally defined in Army Regulation 380-19, published by the US Army. You can read the AR 380-19 data sanitization specification in AR 380-19 Appendix F [link no longer available].
It's unclear if the US Army still uses AR 380-19 as its software based data sanitization standard.
Most data destruction programs support multiple data sanitization methods in addition to AR 380-19.