In SSDs, data is written electronically and not magnetically. This data is stored in pages that vary in size from SSD to SSD. These pages are then grouped together into erasure blocks. These erasure blocks are then zoned together based on the physical address in the flash chip. Data is not written to the pages sequentially; rather the data is striped across the erasure blocks and is managed by the wear-leveling controller. When the data stored on the disk is modified, the wear leveling controller moves the entire block to a new location and schedules the original block for erasure. In short, the user has no control over where the data is written and updates to files will more often than not end up in new locations on the media.
With this basic understanding of the way data is written, we can now look at the different erasure methods and their impact on both HDDs and SSDs. Data destruction can be categorized into three methods: software based data erasure, degaussing and physical media destruction.
Software based erasure has been around for a long time and has become more accepted as a method for data destruction as more and more data erasure standards are created and adopted. Built for HDDs, traditionally this method writes a pattern of data to each sector of the disk in a sequential manner, overwriting the original data and making it unrecoverable while still leaving the HDD functional. This makes software a viable solution for HDDs you want to reuse. For media that stores data like the SSD, this is not a good method for data destruction. The erasure software is not able to control the specific region the data is written to, as this is controlled by the wear-leveling controller. Arguments have been made that using the TRIM command or other commands built into the SSD, will ensure a secure erasure can be performed, but research has shown that these methods are not always successful in removing the data from the drive. So while software erasure is a good solution for HDDs, it does not yet seem to be the right solution for data destruction for SSDs.
Hardware based degaussing has gained traction in recent years as an alternative to software erasure. Pricing for degaussers has dropped and the physical units have gotten better at destroying media. The degausser works by sending a magnetic pulse through the media. For HDDs, this is a very quick solution that reorients the bits on the disk thus destroying the user data and in most cases rendering the HDD inoperable. For SSDs, this is not an effective solution as the data is not written magnetically, but rather stored electronically.
The best way to destroy data on both HDD and SSD drives is physical media destruction. This typically involves shredding the media. As long as the process “shreds” the SSD media into pieces that are small enough that a single chip cannot escape damage, this is the ultimate data destruction method. Care should be taken however, to make sure that the shredding is done in such a way that no loose chips end up untouched in the shredded mass. If the chip is not damaged by the shredding process, it would be possible to recover data from it.
It is important to keep in mind how data is written to different types of media when developing your data destruction and asset disposal plans. Not all erasure and destruction services work with all of the different types of media. The next article in this series will discuss best practices and help you develop your own plan for asset disposal.Reference: http://thedatarecoveryblog.com/2012/12/10/ssd-vs-hdd-data-destruction-and-asset-disposal/