2

i have a 64 gb micro SDXC memory card that has sensitive files on it and i want to completely erase it but i heard it was impossible to be sure that your data was erased because of wear leveling ? The manufacturer (SanDisk) doesn't provide special tool for a secure erase. What if i delete the files then use a software like eraser to erase unused disk space, would this work ?

vasin1987
  • 105
  • 4
papabite
  • 21
  • 1
  • 2
  • You can take a look at this procedures (draft): http://csrc.nist.gov/publications/drafts/800-88-rev1/sp800_88_r1_draft.pdf – woliveirajr Apr 01 '14 at 14:40

2 Answers2

11

This topic has already been covered here and there. To sum up:

  • If you simply overwrite the complete disk (as a block) with data (random, null bytes... it does not matter), then there may be parts of surviving data, which could potentially be recovered by extracting the chip and reading from it directly.

  • You cannot know what data has survived without taking the chip apart.

  • Overwriting the whole disk repeatedly should eradicate (almost) all the data, but you cannot be sure of it, and it will severely diminish the lifetime of the card.

It is safer, and (in the long time) cheaper, to simply physically destroy the card. Next time, use disk encryption.

Community
  • 1
Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949
  • I just want to point out that overwriting drives with zero bytes may not work if the drive implements compression in the firmware. Apart from that, this is a good answer. http://rscott.org/ssd/SSDs_and_compression.htm – user2675345 Apr 01 '14 at 08:23
1

With basic means (i.e. software to write to the memory card) I am rather doubtful that it is possible to trustedly delete all sensitive data.

Inside of such a SDXC there is a complex microcontroller. Those microcontroller is not known to you and its software/hardware is proprietary. The memory size shown by the SDXC must not reflect the complete data the microcontroller can write to. Even likely there is flash memory for 70, 80, maybe 128GB of flash memory in your device. At first this would look like an extremely wasteful way of memory usage (having 128GB worth of flash memory and only offering 64GB). However it is less wasteful considering that a fair fraction of the flash memory is defective/broken already as the outcome of an ordinary production process.

The real deal is that under the hood such a memory is pretty f***ked up. The microcontroller is to counter the messy "under the hood" by using techniques of error checking to give the appearance that the data on the SDXC card appear to be safe and guarded, while internally memory cells are dying.

hippietrail
  • 582
  • 3
  • 14
humanityANDpeace
  • 1,412
  • 1
  • 12
  • 24