0

In addition to the question posted regarding purging data without formatting and the ability to recover data with forensic tools, how reliable is the method regarding overwriting with large file sets?

As an example, if i delete multiple files roughly sized at 2GB stored on a SSD and attempt to overwrite it with single large file sets e.g. ISOs, will this method work? How reliable is it?

Is there another approach?

It has been suggested that the question may be a duplicate of recovering wiped SSD. This question is specific where the drive is not being wiped. There is no option to do so. The only option is to delete files and write files. There is no option to install any tools

Community
  • 1
Motivated
  • 1,493
  • 1
  • 14
  • 25
  • @cremefraiche - Thanks cremefraiche. Please see the edit. It is not a duplicate since it is asking for a specific method. – Motivated Feb 18 '16 at 07:20
  • @Motivated The same answer applies though - due to how SSDs work, there is no guarantee that the data will actually be overwritten. Doesn't matter _how_ you try to overwrite, whether using large files, zeros, or 35 passes. – Matthew Feb 18 '16 at 08:51

2 Answers2

3

Wear leveling on the SSD will prevent you from completely overwriting existing data, even if the operating system actually tries to put the new file(s) in the same sectors (as the OS sees them) as the old file(s), which is doubtful unless you totally fill the drive each time.

Anti-weakpasswords
  • 9,785
  • 2
  • 23
  • 51
  • Does wear leveling delete this files at any time? – Motivated Mar 14 '16 at 07:37
  • 1
    @Motivated - no. Wear leveling says that the SSD is going to stop using a certain sector... and the data that was on there when it decides to quit stays there, and is inaccessible and undetectable by normal means. – Anti-weakpasswords Mar 14 '16 at 12:20
  • So why use SSD from a security perspective? Are there any benefits to be gained? – Motivated Mar 15 '16 at 07:21
  • Even if you totally fill the drive each time, this isn't going to be effective due to overprovisioning space (the space that you can't see which prevents you from "filling the drive" for performance reasons). – forest Oct 30 '18 at 03:36
1

For SSD's supporting hardware encryption, it should be unnecessary to do this. If encryption is enabled, then the drive can be securely erased simply by clearing the encryption keys.

user1751825
  • 905
  • 4
  • 10
  • You are correct, the BX100 does not support hardware encryption. To get that from Crucial you apparently need to go up to the MX series drives. I suspect the drives themselves would support it, but it has likely been disabled in the firmware, to push people to the more expensive models. – user1751825 Feb 18 '16 at 11:40
  • It should be possible to modify the firmware to support the encryption, assuming the models' hardware is identical and they both have crypto accelerators necessary to offload the computation. – forest Oct 30 '18 at 03:37