Expunge Data

NETWORK EQUIPMENT SANITIZATION

Revoke

Certified network equipment sanitization.

Switches, routers, firewalls, and access points hold sensitive configuration data — VLANs, credentials, SNMP strings, routing tables, ACLs. A manual factory reset isn't documentation. Revoke automates the entire process: identify the device, capture a full inventory, execute the reset, verify it booted clean, and document everything.

Contact us How it works
/dev/ttyUSB0 — revoke

$ revoke --port /dev/ttyUSB0

[*] Detecting device…

[+] Vendor: Cisco

[+] Platform: IOS 15.2(4)M7

[+] Model: WS-C3750X-48P

[+] Serial: FDO1821V00P

[*] Capturing inventory…

[+] Ports: 48× GigE, 4× 10GE

[+] Licenses: IP Services (perpetual)

[*] Executing factory reset…

[*] Waiting for reboot…

[+] Verified: clean boot to factory defaults

[+] Session complete — reported to Expunge Data

THE GAP

Network equipment is the blind spot in data sanitization.

Most ITAD processes handle storage drives well. But a switch, router, or firewall can hold just as much sensitive data — VLAN configs, admin credentials, SNMP community strings, routing tables, and access control lists.

The typical response is "we did a factory reset." That's unverifiable, undocumented, and almost never tied to serial numbers or chain of custody.

Typical ITAD documentation

  • • "We factory reset it" — no proof
  • • No record of which command ran
  • • No post-reset verification
  • • No per-device serial tracking
  • • No license inventory (high-value)
  • • No retention window

THE SOLUTION

Automated sanitization for network equipment.

DETECT

Auto-detection

Revoke reads the device banner over serial and identifies vendor, OS version, model, and serial number — no manual entry.

INVENTORY

Inventory capture

Ports, modules, installed licenses, and configuration fingerprint are captured before reset. High-value perpetual licenses are tracked.

RESET

Verified factory reset

Vendor-specific reset sequence executed programmatically. Device reboots; banner and config are re-read to verify a clean default state.

DOCUMENT

Documented results

Results uploaded to Expunge Data as a Network Factory Reset (NFR) certificate. Same tamper-evident format and 7-year retention as data-sanitization certificates.

WORKFLOW

From console cable to certificate.

01

Connect

Plug the Revoke console cable into any serial, USB, or network-management port. No dedicated hardware, no vendor client required.

02

Identify & inventory

Vendor and model are identified from the device banner. Ports, modules, firmware, and license state are captured automatically.

03

Sanitize & verify

Revoke runs the vendor-specific factory reset, monitors reboot, and re-reads the banner + config to verify the device is in a clean default state.

04

Document & report

A Network Factory Reset (NFR) certificate is generated and uploaded to Expunge Data. Tamper-evident QR, 7-year retention, shareable URL.

COMPATIBILITY

Multi-vendor support.

Revoke identifies the device automatically and uses the correct vendor-specific reset sequence. No manual configuration required.

CISCO

Catalyst, Nexus, ISR

IOS, IOS-XE, NX-OS reset sequences. License state capture for perpetual Smart/Classic licenses.

DELL

PowerSwitch, Force10

OS10, OS9, FTOS reset. Inventory of port groups and stack config.

JUNIPER

EX, QFX, SRX

Junos factory reset via request system zeroize. Config rollback verification.

ARISTA

EOS

write erase / reload. Event monitor state captured pre-reset.

HPE / ARUBA

Aruba OS-CX, ArubaOS

Central-managed and on-prem. Switches, APs, controllers.

FIREWALLS

Fortinet, Palo Alto, Check Point

FortiOS, PAN-OS, Gaia. Full config wipe + license inventory.

SERIAL

Generic console

Works with any device exposing a CLI over serial, SSH, or telnet — even unrecognized firmware.

MORE

Don't see your vendor?

We add vendor support regularly. Tell us what you need documented.

WHY IT MATTERS

Three shifts for network-equipment disposition.

FROM

Manual process

A technician typing write erase and trusting it worked.

TO

Automated

A reset sequence that's recorded, verified, and tied to a serial number.

FROM

Trust

"We reset it" with no artifact an auditor can verify.

TO

Proof

A signed NFR certificate with serial number, reset method, pre/post state, and a QR to verify it.

FROM

Drives only

Sanitization documentation that stops at the SSD/HDD.

TO

Everything

Drives + switches + routers + firewalls — one platform, one record, same standard.

INTEGRATED

One platform. One certificate.

Revoke results land in the same Expunge Data customer portal as your drive sanitization certificates. Auditors see one inventory, one set of tamper-evident documents, and one verification URL format.

UNIFIED RECORD

Drives + network, one batch

A single customer-portal batch can include SSR certs, CER certs, and NFR certs. Download the whole batch, or verify any one device.

SAME VERIFICATION

QR + hash, same as storage certs

NFR certificates use the same SHA-256 tamper-evident format and /verify URL scheme. Whatever process your auditor already trusts applies here too.

7-YEAR RETENTION

Long-tail disposition audits

Network equipment often outlives the audit. Every NFR is retained for seven years with no additional action required.

GET STARTED

Document your network disposition.

Stop trusting "we factory reset it." Produce a verifiable record every time.

Contact us Verify a certificate