The NAVSO P-5239-26 data sanitization method is usually implemented in the following way:
- Pass 1: Writes a specified character (e.g. one)
- Pass 2: Writes the complement of the specified character (e.g. zero)
- Pass 3: Writes a random character and verifies the write
The NAVSO P-5239-26 data sanitization method I list above is the way most data destruction programs implement the standard. However, according to the actual specification, this is the less effective, "alternate method." The "preferred method" involves a more complicated overwriting pattern, which you can read more about in the PDF I link to a few paragraphs down.
Erasing a hard drive using the NAVSO P-5239-26 data sanitization method will prevent all software based file recovery methods from lifting information from the drive and is also likely to prevent most hardware based recovery methods from extracting information.
The NAVSO P-5239-26 sanitization method was originally defined in Navy Staff Office Publication 5239 Module 26: Information Systems Security Program Guidelines, published by the US Navy. You can read the NAVSO P-5239-26 data sanitization specification in 16.c.1 and 16.c.2 of NAVSO Publication 5239-26 [link no longer available].
It's unclear if the US Navy still uses NAVSO P-5239-26 as its software based data sanitization standard.
Most data destruction programs support multiple data sanitization methods in addition to NAVSO P-5239-26.
