Earlier this year I posted my thoughts on securely wiping data from devices, and recommended PartedMagic’s Secure Erase1 for wiping SSD’s. I am no longer recommending this method, as I have recently read that it can be ineffective. A standard Secure Erase only removes the mapping table that keeps track of allocated data. This does seem to make data recovery more difficult, but not impossible. The data is still on the drive, but the SSD will return all zeroes when someone attempts to read it. However, an adversary could perform what is known as a chip-off extraction to access the data.2 This technique is more complex and time consuming but well within the ability of a moderately capable adversary.

There is an Enhanced Secure Erase option that does appear to properly overwrite the data, but this option doesn’t show as being available for many drives. And the PartedMagic interface doesn’t really make that clear, which I think should be fixed. The name Secure Erase clearly suggests that your data will be properly wiped, PartedMagic should put some prominent warnings in the interface to let people know that isn’t the case unless they choose the enhanced option.

The procedure I now recommend for wiping SSD’s and flash memory is nwipe 3(a fork of DBAN/ Darik’s Boot & Nuke). This tool is also available on the PartedMagic live OS. Follow the instructions on the interface carefully, you need to select which drive you want to wipe and be careful you don’t get the wrong one. I have been told that if you start the process without selecting any drive, it will start wiping them all but I have not tested that. Chose the PRNG Stream option as the method, this will overwrite the selected drive with random data. Once that is complete, run the same method again. The reason you should run it twice is because flash memory usually has a bit more space on the drive than advertised. For example a 16GB flash drive might actually have 20GB. A single pass will just write 16GB of random data, leaving a lot of that hidden “overprovisioned” space untouched. Running it twice ensures you wipe the overprovisioned space as well.

I have tested nwipe with a couple of USB flash drives, and could not recover any files once the drive had been overwritten twice, so I think it is a secure enough method.



Why overwrite with random data instead of zeros?

On magnetic hard drives it’s fine to overwrite data with zeroes, but on SSD and flash memory it is vital that you overwrite with random data instead. Flash storage can detect when it is being told to write a long string of zeros and will often just mark that sector of the drive as being all zero without actually writing the data. This is a feature that helps prolong the life of your drive by avoiding unnecessary write cycles, but it makes secure deletion a little more complicated. But if you overwrite with random data, you don’t get this issue. The data will be properly overwrittenitten and the drive wiped.


Citations

  • [1] Parted Magic's Secure Erase
  • [2] Forensic Focus - Countering Anti-Forensic Efforts – Part 2
  • [3] nwipe