1

Internal SSD can be wiped with TRIM, but USB sticks are external SSD. They're apparently difficult to wipe securely enough to make forensic analysis of the device impossible. This question has been asked before, about 4 or 5 years ago and the information is probably outdated. Looking for up-to-date advice on how to securely wipe files on a USB from a bootable media.

Is it possible to have a setup that can securely wipe USB with TRIM? Anyone know of any programs that will securely shred files on USB, making them impossible to recover via forensic recovery software?

LoserBaby
  • Possible duplicate of [How do I securely erase USB flash drives?](https://security.stackexchange.com/questions/62555/how-do-i-securely-erase-usb-flash-drives), [How do I securely dispose of a removable USB storage device from within an office?](https://security.stackexchange.com/questions/142200/how-do-i-securely-dispose-of-a-removable-usb-storage-device-from-within-an-offic), [Sanitizing USB memory stick by overwriting dummy data](https://security.stackexchange.com/questions/161648/sanitizing-usb-memory-stick-by-overwriting-dummy-data). – Steffen Ullrich Jan 16 '19 at 05:59
  • To be clear, you're asking how to remove data from a device but leave the device usable, correct? Because current data destruction standards say that for flash storage the answer is physical destruction. Something like a Garner SSD-1 (or their full FlashPro system) is brutally effective at preventing data from being recovered from flash storage. – Ruscal Jan 16 '19 at 18:12

2 Answers

1

Unlikely. SSDs/USBs have firmware that automatically shuffles the available storage to account for errors in sections of the flash storage. It's possible that your important files are now stored on a bit of flash that effectively does not exist in the eyes of the OS and therefore cannot be securely wiped.

The easiest way to be fully sure that none of your data is recoverable is to use full disk encryption from the beginning. Without the key, the data on the drive is effectively random and useless. That way if you ever sell or lose your drive, no amount of analysis will get any data out of it as long as your key was secure.

I'm also not sure TRIM can actually be used to securely wipe drives but I will leave that up to someone who knows more about it.

Qwertie
  • The host computer does not see the flash blocks, and is unaware of the wear leveling and marked bad blocks. Full disk encryption provides the best solution. Further, when a block write fails and the block is put in the bad block list, it most likely contains the written data with perhaps only a few bits in error. – zaph Jan 16 '19 at 22:29
  • I thought TRIM was an optimising technique to improve performance on SSDs – LtMuffin Jun 20 '19 at 18:57
  • @Leon185 That is also my thought but I am not an expert on what it does. – Qwertie Jun 20 '19 at 23:58
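
An added illustration of the remapping this answer and zaph's comment describe (not part of the original post): a toy flash translation layer in Python where a page holding a secret is retired to the bad-block list, the host then zero-fills every logical page five times, and a raw read of the physical pages is checked for the plaintext. The `ToyFTL` model, the page sizes, the sample secret and the `toy_encrypt` stand-in for full disk encryption are all assumptions made up for the example.

```python
import hashlib
PAGE = 16  # bytes per page in this toy model (constructed, not a real geometry)

class ToyFTL:
    """Toy flash translation layer: hypothetical model, not real controller firmware."""
    def __init__(self, logical_pages=8, spare_pages=4):
        self.logical_pages = logical_pages
        self.phys = [None] * (logical_pages + spare_pages)  # raw NAND, None = erased
        self.map = {}         # logical page -> physical page (all the host can reach)
        self.retired = set()  # bad-block list: never erased or reused again

    def _free_page(self):
        in_use = set(self.map.values()) | self.retired
        for i, data in enumerate(self.phys):
            if data is None and i not in in_use:
                return i
        for i in range(len(self.phys)):  # garbage collection: erase stale pages
            if i not in in_use:
                self.phys[i] = None
        return next(i for i in range(len(self.phys)) if i not in in_use)

    def write(self, lpage, data):
        # Flash is written out of place: new data lands on a fresh page, old page goes stale.
        p = self._free_page()
        self.phys[p] = data.ljust(PAGE, b"\0")[:PAGE]
        self.map[lpage] = p

    def retire(self, lpage):
        # A failing page is copied elsewhere and blacklisted with its contents intact.
        old = self.map[lpage]
        self.write(lpage, self.phys[old])
        self.retired.add(old)

def toy_encrypt(key, lpage, data):
    # Stand-in for full disk encryption; illustration only, not a secure cipher.
    stream = hashlib.sha256(key + bytes([lpage])).digest()
    return bytes(a ^ b for a, b in zip(data.ljust(PAGE, b"\0"), stream))

def demo(encrypt, passes=5):
    """Return the physical pages where a raw NAND read still finds the plaintext."""
    ftl, secret = ToyFTL(), b"PIN=4821"  # constructed sample secret
    ftl.write(3, toy_encrypt(b"constructed-key", 3, secret) if encrypt else secret)
    ftl.retire(3)
    for _ in range(passes):  # host-side zero fill of every logical page
        for lp in range(ftl.logical_pages):
            ftl.write(lp, b"\0" * PAGE)
    assert all(ftl.phys[p] == b"\0" * PAGE for p in ftl.map.values())  # host sees zeros
    return [i for i, d in enumerate(ftl.phys) if d and secret in d]
if __name__ == "__main__":
    print("no encryption:", demo(False), "| encrypted:", demo(True))
```

In this model the retired page 0 still holds the plaintext after every pass when nothing was encrypted, while with encryption from the first write the same page holds only ciphertext.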
-1

In our last forensic assessment we came across the same situation. While trying to figure out why this happens, and out of curiosity about how to completely flash the device so that it cannot be recovered, I came across this solution: you can write /dev/zero using dd for at least 5 iterations. With every iteration it keeps changing the superblock, depending on the file system.

If you do the things below, this can make your device unrecoverable, at least in EnCase.

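```bash
# Zero the first 16 sectors (8 KiB) of the device
sudo dd if=/dev/zero of=/dev/sdc bs=512 count=16

# Zero the whole device (dd stops when the device is full)
sudo dd if=/dev/zero of=/dev/sdc bs=1M
```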

You can also try various combinations.

Repeat this at least five times; this can make your USB unrecoverable.