Here's
more interesting reading about the topic, it's a long article but makes you understand more the issue. And a
following article by the same guy.
Interesting read. However, afaik all those studies focus on deleting one single file.
I guess if, after deleting a file, one runs a full "clean free space on disk", then everything should be erased properly.
Would that be correct?
AFAIK, no. I'll quote a comment posted in the 1st article link above:
None of the other techniques (trim, format, overwrite…) are really efficient since the SSD controller doesn’t let you control what physical areas of the drive you access, so you have no guarantee that you actually scrubbed everything.
You proposal to format, then encrypt the whole disk with TrueCrypt after the fact will not work either: SSDs are over-provisioned to cope with wear, they actually have more physical space than they report so “encrypting the whole disk” would not actually overwrite all blocks.
Encrypting the drive from the start, then securing erasing it would probably be more effective.
But in the end, it all comes down to the fact that you don’t know and don’t control what the SSD actually does.
So, again AFAIK (because this issue is really hard and there doesn't seem to be a "definitive answer"), even wiping the whole drive is not a fully secure way to get rid of data on SSD's. Here's
Hardwipe tool developer's comment (reading the following, one has to take into consideration that wiping is their business):
Flash Memory
Limited write cycle endurance and associated wear leveling techniques used in flash memory devices present special considerations.
When wiping individual file items, there can be no guarantee that existing data will be fully overwritten at the physical level in solid-state drives (SSDs) and USB flash drives. However, this is not a reason not to do it. Although wiping individual files may not prevent full or partial recovery should the device electronics be subject to forensic analysis, it will usually be sufficient to thwart recovery software reading at the device interface, including "undelete" and disk imaging utilities.
Overwriting the entire accessible storage of a flash device represents a more reliable method of data destruction. It has been found* that a full drive overwrite using a two pass sanitization scheme (or more) can be expected to destroy most of the data on the device, but should not be considered to be universally reliable. However, writable flash memory elements have a limited life in terms of erase cycles (around 3,000 to 5,000 cycles), hence the use of wear leveling techniques in these devices. For this reason, overwriting an entire SSD, or a large proportion of its storage area, should be a task performed only sparingly.
Encrypting the whole drive from the beginning seems to be the best option. However, that too seems to have pitfalls too. One commenter (from 1st article link):
One thing to note about encryption on ssd, most forensic tools were best on the encrypted drives because trace elements of the key are left unencrypted.
Also one might find the
Recovering Evidence from SSD Drives article by Belkasoft interesting.
Erasing SSD is a difficult issue. I'm not using a SSD yet, still with HDD and erasing regularly some files, but when I'll start using SSD's, with the information I now have, I'll most probably start using full disk encryption and forget erasing completely. FWIW.
