How are SSDs different from HDDs from the privacy point of view? Is it easier or harder to recover traces of deleted and/or wiped (overwritten) files from an SSD than from a HDD?
2 Answers
We have a whole bunch of questions on the difficulty of wiping data from SSD's. You should have a good browse round this site.
Simple answer is:
By default, SSD's leave more data on the drive. This is because of wear leveling - overwriting doesn't exist as a concept in the same way as on a physical platter. That said, there are known solutions, the most common being the use of whole disk encryption as a way to wipe the drive, by just forgetting the key.
- 61,367
- 12
- 115
- 320
-
Thanks. Whole disk encryption security is very questionable, however, given all the mess around TrueCrypt, black-box nature of alternatives, rumors of the NSA having had cracked SSL and progress in the field of development of computing power. I just don't want the NSA (today) or anyone else (in a decade perhaps) to be able to recover pictures of my girlfriend naked :-) – Ivan Jun 20 '16 at 19:35
-
Whole disk encryption really isn't questionable, despite the TrueCrypt issue; SSL is irrelevant, as is computing power. – Rory Alsop Jun 20 '16 at 19:48
For HDDs, you generally need to overwrite the data several times (with either random data or specific patterns) to completely destroy traces of old data. Otherwise it can be recovered by using advanced data forensic methods.
For secure destruction of information stored on the HDDs, the U.S. DoD Unclassified Computer Hard Drive Disposition specifies three iteration of writes: a character, its complement, another pattern, as a secure way to destroy unclassified information. Canadian Communications Security Establishment (ITSG-06) specifies similar procedure for the same data, using different patterns: all ones or zeros, its complement, a pseudo-random pattern. Bruce Schneier suggests 7 iterations: all ones, all zeros, pseudo-random sequence five times.
For SSDs, single erase cycle is enough to make previous data truly unreadable (and TRIM is your friend here if you care about your data being truly deleted), and writing new data over that guarantees security.
Secure-wipe of an SSD is properly done only with the manufacturer's tools. The tools used for HDDs will not work properly, due to automatic wear leveling and housekeeping procedures. It puts quite a lot of wear and tear on the structure (since it can be written to only that many times). I couldn't find any specific government-approved procedures for securely destroying data on SSDs.
Keep in mind though, that all governments seem to recommend destroying media containing highly classified (top secret) data instead of wiping them.
- 840
- 7
- 11
-
Remember that HDD's really only need 1 wipe. The 7 passes idea was obsolete many years ago! – Rory Alsop Jun 20 '16 at 08:51
-
I wouldn't personally trust just one pass, especially if it was just 0s or 1s. DoD and CSE procedures are multi-pass for a reason. As for Bruce Schneier's 7 passes procedure, I'm pretty confident that's an overkill. – Jakub Jun 20 '16 at 09:03
-
DoD procedures were relevant back in the old MFM days, but they have been heavily detailed as pointless now. There is not a single body that thinks they can get data after 2 passes, and even 1 pass is considered enough on any modern HDD. Loads of posts on that topic here on Security.SE – Rory Alsop Jun 20 '16 at 09:39
-
DoD procedure which I mentioned was introduced in 2001, the CSE - in 2006. MFM HDDs weren't too popular then already. Besides, for MFMs a different procedure was created: Peter Gutmann's Algorithm, with up to 35 passes! Additionally, all of these standards were created for dealing with government and/or military information, which is pretty sensitive (and therefore potential attacker is expected to spend some time and effort trying to recover it). For civilian use 1 pass is pretty good, 2 are a warranty and 3 is 'slightly' paranoid. – Jakub Jun 20 '16 at 09:51
-
I generally trust one-pass because my own data recovery skills suggest it's impossible to recover once-wiped data using software and/or simple hardware methods, one will need a sophisticated laboratory. – Ivan Jun 20 '16 at 19:40
-
Do I understand it correct that an SSD can be wiped securely (in theory at least) as a whole using the manufacturer tools but wiping a single logical partition will hardly make any sense at all as well as wiping a particular file? – Ivan Jun 20 '16 at 19:42
-
Yes, wiping the SSD as a whole is secure (in theory at least). Wiping a partition, or removing a file is secure-ish (TRIM and housekeeping procedures will sooner or later cause an erase pass on the blocks that are marked as 'deleted' but until then the data is recoverable). – Jakub Jun 21 '16 at 08:02