Thursday, 28 May 2015 00:00

It is very difficult to delete critical data from SSDs

  Solid State Drives
 
Rate this item
(0 votes)

In the performance of the study, which possesses essential results for all banks, firms and security companies, the scientists found that files being held on solid-state drives are sometimes impossible to delete by conventional methods of data deletion.

According to the study, the results of which were presented this week at the Usenix FAST 11 conference in California, even if the data storage devices of new generation show that files have been deleted, 75% of the data may still remain on flash memory drives. In some cases, SSDs indicate incorrectly that files were "securely deleted", despite the fact that the duplicated files remain in reserve storage.

The complexity of the secure deletion from SSDs is related to their completely different internal structure. Standard ATA and SCSI hard drives use magnetic properties of materials to write data into the physical location known as the LBA or Logical block addressing. SSDs, in contrast, use computer chips to store data in digitalized form, as well as FTL, or flash translation later, for data management. When data is modified, FTL frequently writes new files to different sectors and updates the card to display the changes.

In the process, the data remanence from the old file, which the authors attribute to the digital remaining residue, still remain in the drive.

"The differences between HDD and SSD can potentially lead to a dangerous divergence between the user's expectations and the actual behavior of the drive," - the researchers from the University of California in San Diego wrote in an 13-page article. "The owner of SSD can employ the technique of hard drive "sanitation" in the mistaken belief that this will delete data irretrievably. As a matter of fact, the data may remain on the drive and devious methods will be needed to delete it."

Indeed, the researchers reveal that 67% of the file data remains even after it has been deleted from the SSD with secure data deletion option offered by Apple in the OS Mac OS X. Other operations on the "data overwrite" - which securely delete files by overwriting the data stored in a specific location on the disk - failed with same high figures when used to delete a file from the SSD. When executing of pseudo-random operations on the data, for example, 75% of the data has remained, while the British HMG IS5 technique has slightly better results - 58%.

Selecting one or more files to delete is just a "sanitation" technique which allows continuing to use the drive on which the data was held. The researchers also found that all the techniques for data overwrite, oriented to a single file, failed to delete all digital remaining residue, even if the procedure was followed by the disk defragmentation, which reorganizes remaining data in the file system.

"Our data show that overwrite is ineffective and that "manufacturer suggested data deletion techniques' may not always work well", the article warns.

Techniques for cleaning the entire drive work just a little better with SSD. There is an isolated incident when an unnamed SSD still contained 1% of 1 GB data even after 20 consecutive attempted data overwrites on the entire device. Other drives were able to delete their data securely after two attempts, but most of them require from 58 to 121 hours for a single run, which makes the technique inviable in most cases.

The researchers also found serious failures when trying to expose SSD-media to degauss, which leads to the destruction of low-level formatting of hard drives. Since degauss is dangerous only for magnetic drives, it is not effective when applied to storage devices of the new generation. "In every case, the information was left intact," - the researchers wrote.

The researchers found the most effective way to delete data from SSD - it was the use of data encryption devices. Data deletion is executed by erasing the encryption keys from the so-called keystore. This assures reliability of data's remaining encrypted forever.

"However, the danger is that this method relies on the fact that the controller thoroughly clears internal storage that contains the encryption key and other valuable data that can be useful in the cryptanalysis", the researchers wrote. "We found these bugs while executing some clearing commands. It is over-optimistic to believe that SSD manufacturers will thoroughly clear the keystore. Moreover, there is no way to make sure that the clearing has been executed (for example, if you remove the drive). "

The study was carried out by writing the files detected by signatures on SSD and later using special devices, which had to find signs of any residual data after the use of secure techniques for files deletion. The research device is about $1000, but "a simpler version based on the micro-controller will cost $200 and require only a limited amount of technical skills to create it", they said.

If you experienced any sort of trouble with you Solid-State Drive in Salt Lake City, UT, contact our data recovery Utah lab

Last modified on Thursday, 28 May 2015 13:04
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).

Latest from Data Recovery Expert

More in this category: « Solid State Drive usage and maintenance Advancement of solid state drives »

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.

back to top
Copyright © 2024 DataRecoup Recovery Services. All Rights Reserved. Designed by DataRecoup Lab.

Get Help Now

800.659.3012
Thank you for contacting us.
Your Private Investigator will call you shortly.
Click to Text Us!