4

Assuming a given SSD supports TRIM, and is on a physical bus that supports sending that command, and the connected computer is running an OS that is aware of TRIM:

If the drive is formatted, or has had its files erased, will the data be unrecoverable after the drive's firmware has performed its full garbage collection cycle? For example, 24 hours after the fact?

I know that TRIM was initially introduced to flag blocks for later erasure to speed up writes to the underlying flash memory. However, I'm wondering if this erasure means that the data is actually unreadable, even when a user is able to put the drive in factory access mode, or has access to the physical flash chips. I've read that the data is zeroed-out (DZAT) or some other deterministic value (DRAT) when accessed sector-by-sector through the typical SAS/SATA interface, for example when using the dd command in Linux, but that only covers blocks mapped by the FTL and of course does not necessarily mean the physical memory is erased.

Are fully TRIMmed blocks truly, completely erased, or only presented as such to the OS?

craig65535
  • 143
  • 4
  • 1
    Where's Forest when you need him. –  Feb 02 '21 at 10:56
  • I would imagine what you want to know is "can the previous data from flash memory be determined in any way after the drive has erased that block?" If you want to attempt it, I recommend https://www.silicon-power.com/blog/index.php/guides/nand-flash-memory-technology-basics/ some statistics courses, some detailed quantum mechanics study, and large amounts of R'n'D funding. Even if you have the entire US military budget for this one project for decades for R'nD, even then, the answer is likely no you can't get old data out of an erased block. – BeowulfNode42 Feb 03 '21 at 01:16
  • @BeowulfNode42 What I mean is just reading from the flash memory through conventional means, without a translation layer or intervening drive firmware. But it sounds like I have my answer: no. – craig65535 Feb 03 '21 at 04:08

1 Answers1

1

If you want to use regular drive electronics, the answer is, there's absolutely no way to recover the erased data blocks from flash storage like SSDs, USB sticks, SD cards, etc.

See https://www.silicon-power.com/blog/index.php/guides/nand-flash-memory-technology-basics/ for some info on how flash memory storage works.

The tricky part of securely erasing an SSD comes from knowing that the data blocks you want to erase, have actually been erased, and are not just in the garbage collection queue, or in the reserve space area, or in some other special SSD controller area of storage.

There is also the possibility of some data still in blocks that are left over on the bad block list, that the drive is unable to erase any more times and has remapped those addresses to still working areas.

Something a lot of people seem to ignore, is that the SSD controller is continuously trying to maximise the number of erased data blocks. This is to maximise the drive performance. If the OS tells the drive to delete and TRIM (or UNMAP) all of the usable data areas then, giving the drive has long enough to complete the task, it should also cycle through the reserved space too. If the drive has zero remapped or bad blocks, then 100% of your data is unrecoverable, even by data recovery businesses.

Matthias Braun
  • 421
  • 3
  • 12
BeowulfNode42
  • 126
  • 3