1

I would like to wipe ALL free space on my SSD which Windows 10 is installed on, so that no previously deleted file can be recovered. How can I achieve this?

Lost Crotchet

2 Answers

4

Assuming that the SSD has a properly implemented TRIM function, free space should already be wiped for you; this is what TRIM does as a side effect of preparing deleted/unallocated files for reuse in an SSD.

To check if TRIM is on in Windows, from a command prompt:

fsutil behavior query disabledeletenotify

The response should be one of these:

"NTFS DisableDeleteNotify = 0", which means TRIM is ON.

"NTFS DisableDeleteNotify = 1", which means TRIM is OFF.

If for whatever reason you want to roll your own as it were, you can use any of a myriad of cleaning utilities or simply create a giant file of arbitrary data until you run out of space then delete the file.

That said, there are GOTCHAS to be aware of!

Wear Leveling – (Not an Issue)

This is an effect of SSDs swapping physical storage cells with spares as the cells begin to wear out. Once swapped out, the old data in the cell is no longer reachable to be wiped. This is not a realistic concern. This data is beyond the reach of all standard forensic labs. The few that could perform the necessary chip-off disassembly are rare, very expensive, and still have poor capabilities to reassemble the wear bits into anything coherent.

Windows Shadow Volume – (Big Concern)

Deleting and wiping files in Windows does not necessarily touch previous versions of those files kept by Windows for file recovery.

MFT and small files

Small files (in the under 1 KB range but varies) may be stored directly in the Master File Table instead of as their own file. This is important because when these small files are deleted, only the usage indicator is deleted from the MFT, but the MFT itself is NEVER deallocated.

Databases

Similar to the MFT, removal of an entry in a database does not deallocate the database file. Until that particular slot is reused or the database is compressed/vacuumed the data is potentially still there.

user10216038
  • Thanks! I didn't know about this before, and after doing some research around TRIM, I can verify that your answer makes sense in line with the articles. – Lost Crotchet Dec 23 '19 at 00:52
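
The checks from the answer above combined into one script, as an added example that is not part of the original answer: it parses the fsutil result, asks Windows to re-send TRIM for the free space on the volume, and lists the shadow copies the answer warns about. It assumes an elevated PowerShell prompt and that the volume of interest is C: on NTFS.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell prompt.
# Assumption: the volume to check is C: and is formatted NTFS.
$drive = 'C'

# 1. Same query as in the answer. Some builds append "(Disabled)" and print a
#    separate ReFS line, so match only the NTFS value.
$raw   = fsutil behavior query DisableDeleteNotify
$match = $raw | Select-String -Pattern 'NTFS DisableDeleteNotify\s*=\s*([01])' |
         Select-Object -First 1
if (-not $match) { throw "Unexpected fsutil output: $($raw -join ' | ')" }
$trimOn = $match.Matches[0].Groups[1].Value -eq '0'   # 0 = TRIM ON, 1 = TRIM OFF

# 2. With TRIM on, ask Windows to re-send TRIM for every free cluster on the volume.
if ($trimOn) {
    Optimize-Volume -DriveLetter $drive -ReTrim -Verbose
} else {
    Write-Warning "TRIM is OFF: free space on $($drive): has not been trimmed."
}

# 3. The answer flags shadow copies as holding previous versions of files;
#    list any that exist so they are not overlooked.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$shadows | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize | Out-Host

# Summary of what was found.
[pscustomobject]@{
    Volume       = "$($drive):"
    TrimEnabled  = $trimOn
    ShadowCopies = $shadows.Count
}
```

The MFT and database caveats from the answer are not covered by this script; they concern allocated space, which TRIM does not touch.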
2

You need to plan in advance if you want to be able to securely delete data from an SSD.

Because flash memory is imperfect, individual bits wear out faster the more often they are used. To preserve drive function as long as possible, SSD memory management involves over-provisioning storage by oversizing the flash chips by anywhere up to 20% extra, and using algorithms to spread their writes across different places on the chips. These are called “wear leveling” strategies.

That means even if you use a disk wiping program that overwrites 100% of your disk’s advertised space, some of your data may remain in the over-provisioned areas of the chip. This is called data remanence.

The strategies for cleaning the disk, then, are limited to ways that don’t involve overwriting. One way is to encrypt the data before you write it, then ensure you never store the key in persistent storage. Delete the key and your data is gone. A similar feature is sometimes implemented by SSD drive manufacturers on specially made security drives that can wipe their disk keys on command.

The other way is physical destruction. Grinding the flash chips to dust prevents recovery, but not many other destruction methods are reliable against a well-equipped adversary.

John Deters
  • I checked the manual for my SSD and there does appear to be some "toolbox" software that includes a "secure eraser" utility. – Lost Crotchet Dec 22 '19 at 16:18