What Is DoD Delete (DoD 5220.22-M) and How Does It Work?
When you delete a file the normal way — dragging it to the trash and emptying it — the data isn't actually gone. The operating system simply marks that space as available for reuse. The original bits remain on the drive until something overwrites them. DoD Delete is a data sanitization method designed to address exactly that problem, and understanding it properly means knowing where it came from, what it actually does, and why its relevance depends heavily on your storage hardware.
The Origin of the Term
DoD 5220.22-M refers to the National Industrial Security Program Operating Manual (NISPOM), published by the United States Department of Defense. Within that document, a specific data sanitization standard was outlined for clearing sensitive information from magnetic storage media before reuse or disposal.
The term "DoD Delete" — or sometimes "DoD wipe" — became shorthand for the multi-pass overwrite method described in that standard. It entered mainstream use through disk-wiping software tools that listed it as a selectable algorithm, giving everyday users access to a technique originally designed for classified government environments.
What the DoD 5220.22-M Method Actually Does
The core idea is overwriting: writing new data on top of the old data so that the original values become unrecoverable. The classic DoD 5220.22-M process involves multiple passes across every addressable sector of the drive:
| Pass | What Gets Written |
|---|---|
| Pass 1 | A fixed character (typically all zeros: 0x00) |
| Pass 2 | The complement of that character (all ones: 0xFF) |
| Pass 3 | A random character, followed by verification |
Some software implementations extend this to seven passes, sometimes called the DoD 5220.22-M ECE variant, alternating between fixed patterns and random data. Other tools apply even more passes based on similar standards like the Gutmann method (35 passes), though the marginal security benefit of additional passes has been widely debated in the security research community.
The underlying principle: by overwriting every sector multiple times with different bit patterns, any residual magnetic signature from the original data becomes statistically indistinguishable from noise.
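The three passes in the table, applied to a single file, look like this in practice. This is an added example, not code from the standard or from any of the wiping tools named on this page; the function names and the 1 MiB chunk size are assumptions made for illustration.

```python
import os
import secrets

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not fill memory


def write_pass(f, size, value):
    """Overwrite the whole file with one repeated byte and push it to the device."""
    f.seek(0)
    block = bytes([value]) * CHUNK
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        f.write(block[:n])
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # do not let the pass sit in the OS write cache


def verify_pass(f, size, value):
    """Read the file back and confirm every byte equals the last pattern."""
    f.seek(0)
    remaining = size
    while remaining > 0:
        data = f.read(min(CHUNK, remaining))
        if not data or data.count(value) != len(data):
            return False
        remaining -= len(data)
    return True


def three_pass_overwrite(path):
    """Pass 1: 0x00, pass 2: 0xFF, pass 3: one random byte value, then verify."""
    size = os.path.getsize(path)
    patterns = [0x00, 0xFF, secrets.randbelow(256)]
    with open(path, "r+b") as f:
        for value in patterns:
            write_pass(f, size, value)
        verified = verify_pass(f, size, patterns[-1])
    return {"size": size, "patterns": patterns, "verified": verified}
```

The verification step reads back through the operating system, so it confirms what the file now contains, not what the physical medium holds. The sketch also assumes a filesystem that overwrites blocks in place; copy-on-write filesystems write the new data elsewhere and leave the old blocks untouched.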
Why Drive Type Changes Everything 🖴
This is where DoD Delete gets complicated — and where many users applying it today may be working from outdated assumptions.
On traditional Hard Disk Drives (HDDs), multi-pass overwriting is technically meaningful. HDDs write data to fixed, addressable physical sectors on spinning magnetic platters. When you overwrite those sectors, you're physically altering the magnetic state of a specific location. This is the environment DoD 5220.22-M was designed for.
On Solid State Drives (SSDs), the picture is fundamentally different:
- SSDs use wear-leveling algorithms that distribute writes across the flash memory cells to prevent uneven wear
- When software commands an overwrite of a specific logical sector, the SSD's controller may write to a different physical location than the original data
- The original data can remain in flash cells that the overwrite command never actually touched
- Over-provisioned space — storage reserved internally by the SSD — is inaccessible to the operating system and therefore immune to software-level overwrite commands
This means running a DoD-style wipe on an SSD may give you a false sense of security. For SSDs, most security professionals and drive manufacturers point toward ATA Secure Erase or NVMe Sanitize commands, which instruct the drive's own controller to erase all cells — including those hidden from the OS — as more reliable alternatives.
USB flash drives and SD cards share the same wear-leveling limitations as SSDs and present similar challenges for software-based overwriting.
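The wear-leveling behaviour described above can be seen in a small model. This is an added example, not vendor firmware or code from the original page: `ToyFlash` is a hypothetical, heavily simplified flash translation layer, and the sector counts and sample data are constructed.

```python
class ToyFlash:
    """Simplified SSD model: every logical write lands on a fresh physical page."""

    def __init__(self, logical_sectors, spare_pages):
        self.logical_sectors = logical_sectors
        self.pages = [None] * (logical_sectors + spare_pages)  # physical cells
        self.mapping = {}                          # logical sector -> physical page
        self.free = list(range(len(self.pages)))   # erased pages ready for writes

    def write(self, lba, data):
        if not self.free:
            self._reclaim_stale()
        page = self.free.pop(0)
        self.pages[page] = data
        self.mapping[lba] = page  # the previous page is now stale but still holds data

    def _reclaim_stale(self):
        """Garbage collection: erase pages that no logical sector points to."""
        live = set(self.mapping.values())
        for page in range(len(self.pages)):
            if page not in live:
                self.pages[page] = None
                self.free.append(page)

    def physical_contents(self):
        """Everything stored in the flash cells, ignoring the logical mapping."""
        return [data for data in self.pages if data is not None]

    def sanitize(self):
        """Controller-level erase of every page, spare area included."""
        self.__init__(self.logical_sectors, len(self.pages) - self.logical_sectors)


def host_overwrite(drive, patterns=(b"\x00", b"\xff", b"\x5a")):
    """Software wipe: the host can only address logical sectors."""
    for pattern in patterns:
        for lba in range(drive.logical_sectors):
            drive.write(lba, pattern * 16)


def demo():
    secret = b"CONSTRUCTED-SECRET"  # constructed sample data
    drive = ToyFlash(logical_sectors=4, spare_pages=12)
    drive.write(0, secret)
    for lba in range(1, 4):
        drive.write(lba, b"filler")
    host_overwrite(drive)
    after_overwrite = secret in drive.physical_contents()
    drive.sanitize()
    return after_overwrite, secret in drive.physical_contents()
```

In this model the secret survives all three host passes because the spare area absorbs every write before garbage collection runs; with `spare_pages=1` the stale page is reclaimed early and the secret disappears. The host cannot observe or control which of the two happens, which is why a controller-level erase is the dependable option.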
Where DoD Delete Still Applies
Despite SSD limitations, DoD 5220.22-M overwriting remains relevant in several contexts:
- Legacy HDD-based systems in corporate or government environments being decommissioned
- File-level wiping on HDDs, where you want to sanitize specific files rather than an entire drive
- Compliance documentation — some regulated industries still reference DoD-style wiping in their data disposal policies, even if newer standards have superseded it technically
- Virtual machine disk images and certain file container formats stored on HDDs, where the image occupies a defined block of sectors
It also remains a well-recognized standard in auditing conversations, meaning IT teams may use it as a documented, defensible process even when the technical arguments for it have evolved.
How DoD Delete Is Typically Implemented
You won't find a native "DoD Delete" button in Windows or macOS, but the method is widely available through third-party tools. Common implementations include:
- DBAN (Darik's Boot and Nuke) — a bootable disk-wiping utility widely used for HDD sanitization
- Eraser (Windows) — a file and drive overwrite tool with selectable algorithms including DoD 5220.22-M
- Disk Utility on older macOS versions offered a secure erase option (removed in later versions due to SSD prevalence)
- Enterprise data destruction software used by IT asset disposal companies
Most of these tools let you select the number of passes and the overwrite pattern, giving you control over the trade-off between thoroughness and time. ⏱️ A seven-pass wipe on a large HDD can take many hours.
The Variables That Shape Your Decision
Whether DoD Delete is the right approach for a given situation depends on several intersecting factors:
- Storage medium — HDD, SSD, NVMe, flash storage, or hybrid drive
- Sensitivity of the data — personal files vs. regulated or classified information
- End goal — reselling the drive, discarding it, repurposing it internally, or meeting a compliance requirement
- Physical destruction as an alternative — for highly sensitive data, degaussing or physical shredding may be appropriate regardless of overwrite methods
- OS and tool compatibility — not all wiping tools support all drive interfaces or file systems equally
A user wiping an old HDD before donating a laptop faces a very different set of considerations than an IT administrator decommissioning enterprise storage in a regulated industry. 🔐 The label "DoD Delete" covers the same algorithm in both cases — but what that algorithm actually accomplishes on the underlying hardware is not the same.