17

Secure data deletion is known to be more complicated and elusive on a solid-state drive than for a regular hard drive. For instance, the logical block mapping on the SSD's flash translation layer makes it impossible to reliably overwrite specific memory sectors as you would do to wipe an HDD.

I am looking for a real-world example (not a proof of concept) to illustrate the problem. Is there a notable case where someone, preferably law enforcement, has taken advantage of the properties of an SSD in order to recover wiped data that would have likely been unrecoverable on an HDD?

Community
  • 1
Arminius
  • 43,922
  • 13
  • 140
  • 136
  • That post you pointed to does not talk about TRIM. SSD's can't write to a previously written location without first erasing it. Which also means that an SSD's wear leveling algorithm will write new data to a smaller and smaller area of the flash memory, wearing the drive out faster, unless some background process regularly runs TRIM to erase released flash memory, or the memory is erased immediately before a write. The latter has serious performance implications. – Craig Tullis Oct 08 '16 at 23:35
  • @Arminius Am I right to assume that the underlying statement you want to evaluate is "disk wiping on an solid-state drive is more secure than disk wiping on a hard-disk drive"? – Bob Ortiz Nov 01 '16 at 17:13
  • I could tell you but then I had to kill you (even sooner). ;-) In order to do such a "recovery", the organization trying this must have the capability, the motivation to do so and it must speak publicly about what has been done. Those who are most likely to do or at least be capable of doing this are most certainly not going to talk about it... – Thomas Nov 05 '16 at 19:59
  • It is a lot more complex, so use filecontainers or whole-disk software crypto for sensitive data. Veracrypt and LUKS work well. The keying data is usually stored at the fore of the file/partition, with a few backups further in. You can scrub this fairly well, but there are no guarantees against remapped data:/ – user2497 Oct 19 '17 at 12:12

3 Answers3

5

Recovery is only possible under certain conditions:

  • have an older SSD with no TRIM support or
  • have Windows XP (as it does not support TRIM) or another old OS with no TRIM support or
  • you connect the SSD as an external hard drive via USB port. or
  • AHCI / SATA interfaces are not detected in your old MB - you use legacy mode/IDE mode or
  • you have a RAID 0 setup

Those are the happy cases. Any decent software will be able to recover your files.

The now-days most encountered case is when you have a new SSD with TRIM enabled. In this case, data recovery is a no-go, because when TRIM is enabled, the erase action is performed immediately. TRIM will purge both the data and the link to it, so practically, it’s gone; it’s simply decontaminated and empty, flagged as ready-to-use.

In some situations, Self-Encrypting Drive (SED) and ATA Secure Erase have been found not to function, just like Bitlocker encryption. In such a situation, data is also recoverable. But in a case of fully encrypted drive with a 3rd party reliable tool, nothing will be recoverable.

Overmind
  • 8,779
  • 3
  • 19
  • 28
  • TRIM makes it impossible to read the contents of wiped sectors from your OS (they will typically by zeroed-out), but the data isn't actually gone. With access to the physical chips, or the ability to put the drive in factory access mode, data can be recovered. See https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/ I agree with your advice to use encryption. – craig65535 Feb 01 '21 at 23:03
  • Keep in mind that currently some, maybe most, Linux distros don't send TRIM to the SSD after a file was deleted. This can be enabled by mounting the partition with [`discard`](https://www.man7.org/linux/man-pages/man8/mount.8.html). Also, not all distros trim periodically with [`fstrim`](https://www.man7.org/linux/man-pages/man8/fstrim.8.html). In those cases, deleted data is never trimmed and can be recovered. Discussion [here](https://unix.stackexchange.com/questions/649964/is-mounting-with-discard-needed-for-trim). – Matthias Braun Jun 09 '21 at 10:13
4

My very first thought:

xkcd

Nobody can be absolutely sure that something has not happened, so the only acceptable answer to your question would be an example. I'm trying to explain my thoughts on why you are very unlikely to get such an example. My argument is inspired by the Drake equation.

Let me start with some facts that I think we all agree on (more or less, hopefully):

  • Recovering data from a wiped SSD can be done (theoretically and practically).
  • Doing so is far from being easy, it requires knowledge, ressources, maybe time.

As with any attack, we have three parameters to look at:

  • required skill
  • required ressources
  • motivation

How are the chances, that law enforcement has skill and ressources available? NSA, Mossad, KGB - sure. An "ordinary" police department? Likely they can do it if they're able to convince someone it's important enough and there's no other way. It's certainly not "routine".

That's where we're talking about motivation. In order to be motivated (enough), the following things must be true:

  • Some "suspect" must have stored data on a SSD. (Not a HDD, not a floppy...)
  • Somebody - for some reason - decided to wipe that SSD. (This takes a little time and effort and thus should be done before the police rings at your door.)
  • The SSD must not have been protected by other means such as strong encryption. (Note, that at this point we have a person who not only knows about wiping a SSD, but actually did so because he knew his secrets might be compromised otherwise. It's certainly possible, though very unlikely, that such a person didn't use encryption in the first place.)
  • Law enforcement must either know or at least assume that there's "something" to be found on that particular SSD. (Otherwise they wouldn't look.)
  • The crime we're talking about must have been considered "important enough".
  • There was no other way the data could be obtained or there was not enough other evidence against the suspect.

So, finally, we're motivated enough. There's still more to consider:

  • The whole operation must have been performed successfully.
  • The operation must have been documented and made publicly available.

I think if we multiply all those chances, we're getting a chance very, very close to zero, that there will be proof that something like this has ever been successfully done.

Thomas
  • 498
  • 2
  • 6
  • Many SSDs use built-in encryption. If it does, then with the proper procedure, wiping the SSD is practically instantaneous. – user Sep 11 '17 at 11:16
  • Thomas, those are bed-stories. Recovering overwritten blocks is something like Schrödinger's cat. At maximum, you can determine by very advanced means that data was on a block at some point (which is nearly useless) but you cannot determine it's previous content. Think like this: you enter a room for the 1st time and you see a light switch. You will never know if it was on or off 'n' days ago. – Overmind Oct 19 '17 at 11:39
2

Modern solid state drives use SED (Self-Encrypting Drive) for secure erasure, specifically via the ATA Enhanced Security Erase functionality found in many drives. The drives store an encryption key in a special area of the drive and use it to transparently encrypt everything written to it. Upon sending the security erase command, rather than individually writing over every flash cell, the drive securely erases the SED key, effectively rendering all data on the drive useless. The Opal specification requires that such drives use a hardware random number generator for generation of the key. This makes analysis of the difficulty of the problem much simpler, as you don't have to mess with complex physical phenomena for highly proprietary hardware nearly as much. Instead, you have to analyze the quality of the RNG which may or may not yield positive results.

The upside, for the defenders, is that a key is generated by a testable and hopefully high quality non-deterministic hardware random number generator, with the drive being encrypted with a strong, well-studied algorithm. The upside for the attackers is that retrieving data requires finding out one key. It's better for them if it takes, say, 6 months to break the key on a poorly-designed HWRNG than if it takes 6 months to retrieve a kilobyte of data from storage.

forgetful
  • 199
  • 4