4
I read this lifehacker article with regards to easily recoverable data on SSD post-formatting.
What do you guys recommend?
Edit: Returning for a sale return. Sorry should of included that originally.
Belmin Fernandez
Posted 2011-02-24T15:56:25.433
Reputation: 2 691
3
Since the problem is that the you don't have control over the physical location of the data it seems that one approach would be to fill the disk. In Linux you could do
dd if=/dev/random of=/dev/sd* (where * is your device system ID a,b,c..).
In that way you are writing the entire disk. But I'm not 100% sure about "spare" sectors.
DrNoone
Posted 2011-02-24T15:56:25.433
Reputation: 1 267
Thanks Dr. Noone. I like this idea. Although using a * wildcard as a placeholder for a device ID in an example is probably not the best choice ;-) – Belmin Fernandez – 2011-02-24T21:21:57.527
@nimmy, he doesn't actually mean to use the * wildcard inplace of the device... just as an 'insert your drive letter here" designation – g19fanatic – 2011-02-25T04:33:43.930
This will not work because it won't get to the data not directly exposed to the OS, like spare sectors. – Mr Alpha – 2011-02-26T13:11:40.697
2
I would recommend good risk analysis.
Loading erased (overwritten) data from SSD isn't trivial task. Average new buyer is not going to try it. If there isn't something very very important (military secrets? Large database containing personal information? Something that'll get people killed?), I wouldn't bother to care more than normal wipe/format (not quick format, though).
Instead of dd, I would use wipe or DBAN (wiping live cd). In original research paper there was clearly told that multiple iterations reduce amount that can be restored.
Single dd over data do not destroy that much, but for example 25 iterations with DBAN destroys most of it.
In the future: if you want to save secret data to SSD, I recommend using full disk encryption whenever possible. That way recovering data isn't that big problem, assuming your encryption passphrase is long enough.
Olli
Posted 2011-02-24T15:56:25.433
Reputation: 6 704
1can you point to one real world example of one dd wipe not being enough? It is overly exaggerated that one wipe is not enough. – g19fanatic – 2011-02-24T19:42:26.917
@g19fanatic: for better wiping you have to pay electricity, which is almost... 0$/€ in most countries for few hours of using laptop. If I would care about restoring data from SSD, I would also think that one overwrite is maybe not enough. Whether it's theoretical or not. Also, every serious data wiping standard specifies multiple overwrites with random data. There time also costs money, it's hard to believe someone made (multiple) practical jokes by claiming that multiple overwrites is good idea. – Olli – 2011-02-24T19:54:09.630
not making practical jokes, people who do not know technical details are often the ones who write standards. When someone says, overwrite all bits with zero in one pass and you'll be secure, someone who doesn't know anything will say why not do multiple 'just to make sure'... Its all hocum... one pass is more than enough. – g19fanatic – 2011-02-24T20:02:30.277
Non of the traditional erasing techniques work properly on SSDs. Not even the 25-pass Gutmann wipe is guarantied to erase it. There has been some recent research in the matter: http://cseweb.ucsd.edu/users/swanson/papers/Fast2011SecErase.pdf
– Mr Alpha – 2011-02-26T13:24:03.5531
Intel has a tool as part of their Intel SSD toolbox (version 2.0 and above) that allows you to really, securely wipe an SSD. I'm not sure if its intel only or not.
However, there is some extra protections built into the tool. It can't be the boot drive, and can't have any partitions on the drive (so you'll have to delete the partitions). They are described pretty well in the manual (download the PDF Manual), about page 20 or so.
Edit*. Also, you can use a linux boot drive or disk, and follow the steps here to issue a ATA Secure Erase command. (its a command built into the drive itself).
Keep in mind, that lifehacker article was also dealing with people that de-soldered and physically removed the flash chips from the drive, and created and programmed their own controller to read data directly off the microchips.
Since it completely destroys the drive, not many people are going to do that to find out what web pages you might have visited in your browser cache...
If you have data that is THAT critical, you can just destroy the drive with a hammer, buy a new drive, and return it with that.
Brian
Posted 2011-02-24T15:56:25.433
Reputation: 2 934
It's not going to 'completely destroy the drive', there is no reason to not to solder chips back after reading. :) – Olli – 2011-02-24T19:21:10.623
Is this a laptop going for repair or a sale return or is it being returned to work stock etc.??? – Linker3000 – 2011-02-24T16:03:22.933
Sale return. Sorry, should of mentioned that. – Belmin Fernandez – 2011-02-24T16:28:35.637