Erasing a Hard Drive? Not so Fast...

Category: Hard-Drives

It’s surprisingly difficult to permanently and securely delete data from a Solid State Drive (SSD) or USB flash drive, some researchers have discovered. If you have a portable USB flash drive, or a laptop with an SSD hard drive, here's something you need to know...

Sanitizing Flash and SSD Hard Drives

I've written previously about erasing all the data from your hard drive, in my article Completely Erase a Hard Drive. So you may know that simply issuing the DELETE and/or FORMAT commands really just hide (rather than irretrievably erase) the data. That's why there are special programs written for that purpose.

What you probably didn't know is that those programs work very well for traditional magnetic hard drives, but not well at all for flash drives or SSD hard drives. Even worse, researchers at the Non-Volatile Memory Lab at UC San Diego have discovered that many solid-state drive vendors have not properly implemented the “sanitizing” features of SSD standards, leaving random clusters of data still on a supposedly “cleaned” drive.

Even physically damaging an SSD drive may not be enough. In a paper entitled, Destroying Flash Memory-Based Storage Devices, the researchers calculate how finely one must grind up a flash-based storage device to ensure that its contents can’t be retrieved by spies of three different levels of sophistication.
Erase SSD drive

It’s not enough to just break a flash drive in half or drill a few holes in it. At the least, you must make sure the biggest piece is no more than 7.5mm (about ¼-inch) in its longest dimension. Frustrating a hypothetical worst-case spy who has unlimited resources and time requires grinding the storage device up into nanoparticles.

Why Is This Important?

The USCD team's findings are important because there are lots of USB flash drives bearing sensitive data, and because SSD hard drives are the growing future of mass storage. Flash drives are small and cheap; they get lost or are casually discarded. SSDs are currently expensive but their prices are falling rapidly; eventually, they may surpass magnetic media as the most popular mass storage medium.

Even though the UCSD report was issued in 2011, there are plenty of USB flash drives still in use that are more than three years old. Ditto that for laptops with SSD hard drives. And even though the authors of the study suggested ways for solid state drive makers to improve the built-in sanitizing software, I can't find any evidence that they've done so. (If you can, I'd love to update this article with that information.)

There are standard commands programmed into drive controllers for sanitizing whole flash drives or specific files on a drive. Every drive maker incorporates these commands into its products in a proprietary program. The UCSD team tested the sanitizing effectiveness of a dozen vendors’ flash drives, with widely varying results.

The tests revealed that while some drives could be completely sanitized by overwriting the entire drive with random patterns of bits and then deleting the disk-filling file, none of the drives was 100 percent reliable in purging specific files. (Unfortunately, the study does not mention the actual brands or models used.)

The “Erase Unit” command to overwrite the entire drive was fully effective in only four of the dozen SSDs tested. One model reported that the drive had been completely sanitized but, in fact, did absolutely nothing! The drive partition could still be mounted and all of the data remained intact.

Sanitizing individual files was also erratically effective, or ineffective. Between 4 and 75 per cent of each “sanitized” file’s contents remained readable on SSDs. On USB flash drives, between 0.57 and 84.9 per cent of a “sanitized” file’s contents remained readable.

Part of the blame for these dismaying results clearly lies with vendors who write buggy drive controller software. But the international standard on which all such software is based is another culprit; it was written with magnetic media in mind, not electronic memory. SSDs and flash drives use a different, more complicated scheme to store data.

An Alternate Approach

The researchers recommend a different approach to ensuring that data is rendered permanently unreadable on electronic storage devices. Instead of overwriting the data, lock it up and throw away the key. Encryption software such as TrueCrypt or PGPdisk can apply 128-bit AES encryption to entire drives or individual files. Erase the key used to decrypt the data and it becomes virtually impossible to retrieve. (See FREE Encryption Tools to Protect Your Data)

If you're like me, you may have a drawerful of USB flash drives dating back ten or more years, and most of them are just too small to be useful nowadays. With this information in mind, it's wise to think twice about donating, selling or even casually disposing of any that could be storing sensitive data. The same applies to a laptop with an SSD hard drive. Unless you're 100% certain that your personal data can be permanently erase, it would be better to install a new SSD drive in the laptop, and do a fresh install of the operating system.

Of course, if your solid-state drive contains nothing of great value, putting it inside a paper bag and giving it a few good whacks with a hammer will probably be sufficient. A determined person would have to spend lots of time and money to recover the data. Encrypting the drive before inflicting physical damage would make recovery much more difficult. If you've got personal, confidential or proprietary business data on the drive, don't rely on tools written for magnetic drives. A commercial hard drive shredding service would be my recommendation.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 15 Apr 2014


For Fun: Buy Bob a Snickers.

Prev Article:
Is Carfax Reliable?

The Top Twenty
Next Article:
Geekly Update - 16 April 2014

Most recent comments on "Erasing a Hard Drive? Not so Fast..."

(See all 25 comments for this article.)

Posted by:

Michael
15 Apr 2014

Another pretty good way of destroying a hard drive is to drill holes through it, ...lots of holes, big holes if possible.


Posted by:

Quebec City
15 Apr 2014

I would just burn them in my wood stove or on the terrace stove!


Posted by:

SLEDGE
15 Apr 2014

Any drive, storage devise, can be made safe with a propane torch. One minute burn should do the trick.


Posted by:

Walter T
15 Apr 2014

Another way to obliterate old data on a USB stick or SS drive might be to first to "delete" all files, and then fill up the drive with multiple copies of some large but non-sensitive file. Keep re-copying files to the drive until zero bytes are available. I _think_ that would work.


Posted by:

Oldunshavenone
15 Apr 2014

What about using CCleaner's Overwrite program? Is that useful enough to erase data for all but the most sophisticated retrieval attempts?


Posted by:

John
15 Apr 2014

In reference to destroying data, would incineration of any kind destroy the drive enough to make it useless?


Posted by:

Michael Brose
15 Apr 2014

How about putting the offending SSD in the afore mentioned paper bag, and after applying an amount of charcoal lighter fluid to it you set it on fire? Of course you may want to do this in your driveway or charcoal grill rather than your kitchen. You may then place it in a large amount of used cat litter and send it merrily on it's way to the dump. Merely a suggestion, but I'll bet it works.

Mike


Posted by:

Ole
15 Apr 2014

Bob.
I wonder if using a high output heat gun would render the SSD data un-recoverable


Posted by:

Carlos
15 Apr 2014

About the article "erasing a hard drive , not so fast".
As suggested encrypting an SSD or flash drive will be better protection of data but can you use the drive after that by doing a low level format or if this is not possible why not just apply a hammer to it and find a burial site and put the pieces in there


Posted by:

Peter Ballantyne
15 Apr 2014

I wonder if the best way to make a flash drive or SSD totally unrecoverable would be to toss it into a really hot fire or even run a gas torch flame over it. Sounds pretty drastic I know, but surely that would be a guaranteed way to do it - - - wouldn't it Bob?


Posted by:

doc
16 Apr 2014

Bob, seriously - why not just nuke them on 'high' for a couple of minutes. Wouldn't the EM field of the microwave 'scramble' (if not destroy) the data on a flash or SSD drive? or is it way to weak?? would like an answer - I have a friend who destroys his simm cards by microwave and swears by it. Someone in our IT/comp engineering program suggested that to him so at least someone with an MS if not higher thought that would work . . .thanks, doc

EDITOR'S NOTE: I would not recommend putting any electronics in the microwave, oven, fireplace or indoor wood stove. You might be releasing toxic materials that you don't want you be breathing.


Posted by:

Doug
16 Apr 2014

If you erase then fill the drive with country music, rap or Justin Beiber and appropriately label the drive ... nobody would ever care to even look at what else might be on it.


Posted by:

Old Man
16 Apr 2014

Just curious, what kind of super sensitive data is on these things that you want to completely destroy them? Why not just keep using them until they quit functioning?
In the case of smaller flash drives, just put them in the garbage (don't tell the environmental folk, though) to be buried. Even SSDs can be taken apart and disposed of in this way. Who will actually be looking through the garbage to see if there's a memory device in it?
Maybe it will be found by some archeologist in a million years, but so what? By then, no one will even know you existed. Also, someone would probably have to do a lot of research just to see what the thing is.


Posted by:

Jerry
16 Apr 2014

Unless one is completely neurotic about someone trying to resurrect their "secret" data and you know that your household trash goes to the incinerator, just put it in the garbage and let it be taken away.


Posted by:

Intelligencia
17 Apr 2014

Hello Mr. Rankin and my fellow Rankinites!

Hook up a regular external hard drive to your solid-state computer and when downloading material just send it DIRECTLY to your external hard drive where it will go directly into your TrueCrypt vault to be Securely and Safely stored!

I think this is SO Neat where the material never touches any of the Solid State drives.
(If I am wrong about this protocol then I stand corrected. Please let me know!)

. . . with an Open Mind,

TR


Posted by:

Doc
17 Apr 2014

Bob, thanks for the answer, though environmental issues often take back-seat to paranoia. In general I was just wondering if a microwave would work to scramble the data. Though we all have to remember that we all live in a world in trouble from pollution already, and some of the chemicals used ARE poisonous to people.

**ALSO TO ALL OTHERS WHO WANT TO OVER-WRITE**: depending on how paranoid you are (or really do have enemies that want you that badly) overwriting a drive multiple times still leaves a magnetic signature under the data that occupied that space.

With programs and machines in the 10's - 100's of thousands of dollars, the stronger magnetic signatures can be 'filtered' out, and the data underneath can be read - it's simple but very expensive. CCleaner would not work, it just marks the address 'unoccupied' even if something is living there. And if something is living there, it can be found without any trouble, it's more for the maintenance of your computer than really "destroying" data.

Though I do wonder about PrivZer© working with 35 write-overs, though they do say that the DOD 3 pass method is good enough.

If you have someone who you think has the special machines and programs AND TRAINING to read very faint magnetic signatures, I think you have FAR more serious problems to worry about than someone finding an 'erased' disk and reading what's on it.

I use Mafia Disk Doctor© on all mag. disk drives, Cals .308, .223, .270 or .30-06 or the perennial favorite .22LR all work just about as well as any gauge shotgun. But have not really thought a lot about flash or SSD's yet. I think John Henry and his 9 pound hammer would solve the problem as Bob pointed out. And I also agree that a lot of the chemicals used on disks are poisonous when vaporized, and our planet's atmosphere is not the best place to store your deleted data. That's NOT what they mean when they talk about "The Cloud".


Posted by:

Therrito
18 Apr 2014

Hello Bob :-)
Great article.
I use DBAN (Darik's Boot And Nuke) to wipe any drive I feel a need to, especially if I am going to do a fresh install of Windows.
The program writes zeros to all sectors to "erase" the drive and essentially makes all other data unreadable.
I would like your thoughts on this.


Posted by:

Backwoods
18 Apr 2014

Why not put your drive in a re-sealable bag and fill it with water for a couple of days.


Posted by:

Frank
18 Apr 2014

How is this for a (tongue in cheek) solution? Hire a programmer to record a lot of porno pictures on the drive to fill it up and then require the unwary user to enter his name on the drive to decrypt it so that the porn is visible. His name is now on the hard drive. He feazrs that his boss will find out and to protect himself, he will apply the hammer treatment for you.


Posted by:

Frank
04 Aug 2016

Can you tell me whether or not a high powered electrical magnet will do a clean wipe of internal hard drives SD Cards And external hard drives.


There's more reader feedback... See all 25 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Erasing a Hard Drive? Not so Fast... (Posted: 15 Apr 2014)
Source: http://askbobrankin.com/erasing_a_hard_drive_not_so_fast.html
Copyright © 2005 - Bob Rankin - All Rights Reserved