How to safely and securely destroy data on SSDs and memory sticks

Philip Le Riche

Introduction
SSDs use a technique called wear-leveling, which distributes data evenly across the drive to avoid certain blocks being used more than others. Unlike a hard disk, an SSD is unable to overwrite data. Instead the storage cells first have to be cleared to zero. As a result, when a file is deleted from an SSD, the data is not removed from the drive immediately. Instead, the SSD simply marks the storage area as invalid (stale data). Then, as a background process or when the memory cells are needed again, the SSD will zeroise a whole block and fill it with new (probably unrelated) data as required.
However, unlike HDDs, data recovery from an SSD is much more challenging. This is because an SSD's wear-leveling technique means that data is spread out over multiple blocks, making it difficult to recover the complete file.
In fact, an SSD generally contains more storage than its declared capacity. This allows it to retire old and worn out data blocks and substitute fresh ones from a pool of spares. This means that even if you were to write 500GB of data to a 500GB SSD, some data may remain in retired blocks. This could still be accessed by unsoldering the memory chips and reading them in a forensic rig.
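A toy model of the behaviour described above, as an added example that is not part of the original guide. The `ToySSD` class, its oldest-first reclaim policy and the page counts are assumptions made for illustration; it shows a full overwrite of the declared capacity leaving a stale copy that the host cannot see but a raw read of the chips can.

```python
from collections import deque

class ToySSD:
    """Constructed toy flash translation layer; not any real drive's firmware."""
    def __init__(self, logical_pages, spare_pages):
        self.logical_pages = logical_pages
        self.phys = [None] * (logical_pages + spare_pages)  # raw flash pages
        self.l2p = {}                           # logical page -> physical page
        self.free = deque(range(len(self.phys)))
        self.stale = deque()                    # invalid pages awaiting erase

    def write(self, lpn, data):
        if not self.free:                       # reclaim lazily, only when forced
            victim = self.stale.popleft()       # assumed policy: oldest stale first
            self.phys[victim] = None            # the erase step
            self.free.append(victim)
        ppn = self.free.popleft()               # never overwritten in place
        self.phys[ppn] = data
        if lpn in self.l2p:
            self.stale.append(self.l2p[lpn])    # old copy is only marked stale
        self.l2p[lpn] = ppn

    def delete(self, lpn):
        """File deletion: drop the mapping, leave the cells untouched."""
        if lpn in self.l2p:
            self.stale.append(self.l2p.pop(lpn))

    def host_read(self, lpn):
        ppn = self.l2p.get(lpn)
        return None if ppn is None else self.phys[ppn]

    def raw_dump(self):
        """What reading the memory chips directly would return."""
        return [p for p in self.phys if p is not None]

def overwrite_whole_drive(ssd, filler=b"FILL"):
    for lpn in range(ssd.logical_pages):
        ssd.write(lpn, filler)

def demo():
    ssd = ToySSD(logical_pages=16, spare_pages=4)
    overwrite_whole_drive(ssd, b"old")          # drive already in use
    ssd.write(15, b"SECRET")                    # constructed sample data
    overwrite_whole_drive(ssd)                  # fill the declared capacity
    host = [ssd.host_read(n) for n in range(ssd.logical_pages)]
    return b"SECRET" in host, b"SECRET" in ssd.raw_dump()

if __name__ == "__main__":
    print(demo())
```

Which stale pages survive depends on the reclaim policy, which the host cannot control; in this model the most recently invalidated pages are the ones left behind.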
To securely erase data on an SSD, you can use the ATA Secure Erase command. This tells the SSD to erase all the data on the drive, including any data that may be hidden or inaccessible, such as in retired blocks. This command also resets the encryption key that was used to encrypt the data, rendering the data unrecoverable. However, there have been suggestions from government security agencies that ATA Secure Erase is not properly implemented on all hard disks and SSDs.
The only surefire way to ensure that data is irretrievable from an SSD is to physically destroy it as described in this guide, especially if the ATA Secure Erase command was not properly implemented in the device firmware. This could be due to firmware bugs or vendor-specific implementations that do not properly execute the ATA Secure Erase command.
Encrypting your drives from the start is an excellent way to protect your data and also to make the erasure process much simpler. When you encrypt a drive, the data is automatically encrypted as it is written to the disk, and the encryption key is securely stored in memory. To securely erase the data on the drive, you only need to delete or destroy the encryption key, making the data on the drive completely unrecoverable.
If you were looking to destroy data on a HDD, take a look at my companion guide here [guide|140673]