Earlier this year I posted my thoughts on securely wiping data from devices, and recommended PartedMagic’s Secure Erase1 for wiping SSD’s. I am no longer recommending this method, as I have recently read that it can be ineffective. A standard Secure Erase only removes the mapping table that keeps track of allocated data. This does seem to make data recovery more difficult, but not impossible. The data is still on the drive, but the SSD will return all zeroes when someone attempts to read it. However, an adversary could perform what is known as a chip-off extraction to access the data.2 This technique is more complex and time consuming but well within the ability of a moderately capable adversary.
There is an Enhanced Secure Erase option that does actually overwrite the data, but it appears that option is not available for many drives. The interface on PartedMagic doesn’t really make the distinction between the two options clear, which I think is quite poor. The name Secure Erase clearly suggests that your data will be properly wiped. But this is simply not the case, unless you are using the enhanced option.
The procedure I now recommend is using nwipe 3(a fork of DBAN/ Darik’s Boot & Nuke). Follow the instructions on the interface carefully, you need to select which drive you want to wipe and be careful you don’t get the wrong one. I have been told that if you start the process without selecting any drive, it will start wiping them all but I have not tested that. Chose the PRNG Stream option as the method, this will overwrite the selected drive with random data. Once that is complete, run the same method again. The reason you should run it twice is because flash memory usually has a bit more space on the drive than advertised. For example a 16GB flash drive might actually have 20GB. A single pass will just write 16GB of random data, leaving a lot of that hidden “overprovisioned” space untouched. Running it twice ensures you wipe the overprovisioned space as well.
I have tested nwipe with a couple of USB flash drives, and could not recover any files once the drive had been overwritten twice, so I think it is a secure enough method.
Why overwrite with random data instead of zeros?
On magnetic hard drives it’s fine to overwrite data with zeroes, but on SSD and flash memory it is vital that you overwrite with random data instead. Flash storage can detect when it is being told to write a long string of zeros and will often just mark that sector of the drive as being all zero without actually writing the data. This is a feature that helps prolong the life of your drive by avoiding unnecessary write cycles, but it makes secure deletion a little more complicated. But if you overwrite with random data, you don’t get this issue. The data will be properly overwrittenitten and the drive wiped.
Citations