3

I have a luks encrypted external usb ssd drive (Samsung T3) which is unable to use the trim command. This leaves me to search for a different way to securely erase the free space inside the encrypted ssd drive.

With photorec I was able to successfully recover a lot of pictures and files even though I used scrub to write random data and zeros to the ssd drive.

This leaves me to the question: Is scrubbing effective in deleting free space on a ssd drive? I'm not concerned with the drive degrading in any way, shape or form.

user638145
  • Hi! So you had data on the drive, then encrypted it, used `scrub` to write random data on all the free space and were still able to recover unencrypted data from the raw drive? – GnP Sep 07 '16 at 13:11
  • Encrypted external usb ssd drive -> unlocked drive during boot -> ran scrub on the free space inside the drive -> ran photorec to try to recover files = 20k+ 'deleted' files were still recoverable. – user638145 Sep 07 '16 at 17:51
  • Did you run photorec on the luks volume (unencrypted) or the thumb device (encrypted)? – GnP Sep 07 '16 at 18:59
  • I ran luks on the decrypted /dev/mapper/root filesystem, not on the /dev/sdb partition. – user638145 Sep 08 '16 at 07:43
  • If you're doing that it doesn't really matter that you're using encryption at all; you're accessing the decrypted data and it seems your concern is someone *with the decryption key* could recover deleted data from it. – GnP Sep 08 '16 at 08:36
  • That is correct, I also want to know how to completely delete the free space inside of the encrypted drive when it's not possible to perform the trim command. I want to know if scrubbing also has an effect on ssd drives compared to hard drives. – user638145 Sep 08 '16 at 18:33
  • Ok, glad we're on the same page now :-). Do you understand how the different abstraction levels on top of your raw SSD interact, and how the physical support (SSD, HDD, RAM) is irrelevant to the recovery of deleted data within the encrypted volume? – GnP Sep 08 '16 at 21:17
  • Ah it's basically the same on every drive when encryption is enabled? During my testing I discovered that scrubbing does have an effect. After an intensive session scrub I could recover way fewer files than before. – user638145 Sep 09 '16 at 08:18

1 Answer

0

After more intensive scrubbing with the command line scrub tool (`scrub -X -p schneier test`, which does 7 passes) I could recover only 1/10th of what I could recover before. So I guess it does have an effect.

user638145