Personal computing discussed
Moderators: renee, morphine, Steel
Waco wrote:Once the FTL is wiped out the data is pretty much non-recoverable to my knowledge.
EDIT: You could read the data from the individual flash dies but it'd be a jumbled mess...but technically the data is still there.
BIF wrote:For an SSD, would it be feasible to delete all data then fill the drive to capacity with nonsensical/non-text data and then delete that? So as to ensure that any metadata or undeleted clusters would not be your "real" metadata?
BIF wrote:There was a time (before SSDs) I read an article that said that as a traditional hard drive wrote data, the magnetic head would write the 1's and 0's and also would leave a magnetic "wake" to one or both sides of the track being written, and that this "wake" could still be re-read at a later time, even after the track were erased. But I never found an explanation as to why the erasure process would not also leave a similar "erasure wake", thereby obscuring or destroying the original wake.
just brew it! wrote:If the SSD vendor has implemented the Secure Erase command properly, it should securely erase all of the flash cells with just a single use. If they haven't implemented it properly (i.e. they're cheating and just resetting meta-data), then there's really nothing you can do to guarantee complete erasure of all contents in a way that isn't potentially recoverable with sophisticated hardware-level forensic techniques, unless you physically destroy the flash chips inside the drive.
Waco wrote:I was under the impression that many did cheat -- my older Indilinx drive "secure erases" in less than 5 seconds. I have trouble believing it's actually going through every cell and erasing it in that amount of time.
Waco wrote:You could easily just write a pattern of all 1s to the entire drive (filling it) to erase all older data though.
just brew it! wrote:For reasons mentioned previously in this thread, on flash-based devices this does not guarantee erasure of all flash cells. Getting any useful data out after doing this would require sophisticated forensic techniques at the hardware level, but it is still theoretically possible to recover at least some of the previous contents.
just brew it! wrote:For reasons mentioned previously in this thread, on flash-based devices this does not guarantee erasure of all flash cells. Getting any useful data out after doing this would require sophisticated forensic techniques at the hardware level, but it is still theoretically possible to recover at least some of the previous contents.
Captain Ned wrote:On a more serious side I would expect gov't-level SSD decom protocols to include pulling tbe board out of the housing and drilling every chip.
Waco wrote:just brew it! wrote:For reasons mentioned previously in this thread, on flash-based devices this does not guarantee erasure of all flash cells. Getting any useful data out after doing this would require sophisticated forensic techniques at the hardware level, but it is still theoretically possible to recover at least some of the previous contents.
Bah, I guess that's especially true with drives that do compression and wear-leveling. There's no real way to be sure all of the flash has been written to without bypassing the FTL.
Waco wrote:Captain Ned wrote:On a more serious side I would expect gov't-level SSD decom protocols to include pulling tbe board out of the housing and drilling every chip.
I would assume they'll just toss them in a shredder just like HDDs.
Waco wrote:I would assume they'll just toss them in a shredder just like HDDs.
Waco wrote:True, but if you filled a drive without any compression you could be reasonably sure it'd hit nearly everything with the exception of the spare area (which you could hit with multiple passes...but no guarantees).
I'd probably feel comfortable doing a secure erase if it was my personal data though. I don't think anyone would go through the trouble of anything more than the most basic of poking around to get my data.
just brew it! wrote:The NSA and FBI (which I'm assuming are our benchmark for high-end forensic capabilities)
just brew it! wrote:If all you care about is casual snooping and amateur identity thieves, a secure erase (regardless of how well implemented) or single overwrite pass should be sufficient.
churin wrote:Considering the reason why multiple erasing passes provide more security for conventional hard disk, single pass of erasing process appear sufficient for SSD. Am I correct?