Erasing Flash card

mina

New Member
Maybe it is stupid question, but is Eraser useful for deleting files from compact flash cards?
 

Sami

Member
Although a CompactFlash memory card should be able to handle even hundreds of thousands of writes per sector, I wouldn't recommend erasing one. Multiple overwriting passes especially are targeted for magnetic media, and they would produce nothing but excessive wear on a memory card. Perhaps Eraser could be used with Microdrives though?
 

Gralfus

Member
It could be used to zero out the card without adversely affecting it.
 

jim9

New Member
I don't see how it could be wear on a flash card. It's basically like RAM, is it not? No moving parts. I would think it's more wear to wipe magnetic media.

Also I think they really need to state in the Eraser features or FAQ whether it works on flash cards or not.
 

Gralfus

Member
Yes, Eraser works fine on flash cards. I just ran a test on a 16MB card I use in a camera. Here was my procedure:

1. Made a forensic disk image of the card, using "dd" as a disk imager.
2. Ran "foremost" on the image and extracted 15 JPG files, some of which were deleted a year ago (via the format command on the camera).
3. Ran eraser on all visible files on the card.
4. Ran eraser free space wipe on the card (1 pass, pseudorandom data).
5. Made another forensic copy of the card.
6. Ran "foremost" on the second image. No files of any kind were extractable from the image.
7. Verified that the card still worked in the camera. It did, as expected.
 

jim9

New Member
Thanks, Gralfus. So is 1 pass safe enough, security-wise?
 

Gralfus

Member
I have never met a forensics program that could recover any data after one pass of overwriting. Some people *believe* that such programs or technology exist, but they have not been demonstrated effectively on modern drives, at least publicly.
 

GHall

New Member
jim9,

Flash memory is NOT like RAM. It does have a limited write/erase lifetime. Flash must be erased in blocks and each time a block erase occurs there is some small probability that those cells (bits) will not function any longer. Most flash chips will state it like this "1,000,000 write erase cycles". This may sound like a lot, but it can add up fast when doing multiple write/erase cycles like Eraser is designed to do.

There is one problem that comes from this, since the flash itself has a limited write/erase count, the flash controller on many flash card do what is called wear leveling. They spread the write and erase data across the entire card capacity to minimize cell wear. This means that eraser says to write to a specific location for one overwrite pass, but the card controller writes to a new location to minimize "wear".

Eraser has no control over this and the functionality is built into the flash card.

The value of multiple overwrites to flash based memory is not as critical as for magnetic storage media. While there are techniques to recover the data, it is much less common and more difficult to do with Flash that a Hard Disk/Floppy disk/Tape.

If you are truely interested, read the Cutmann paper. It addresses this topic for both RAM based memory cells and Flash based memory cells.
 

jim9

New Member
If a card allows 1,000,000 erases, even if choosing Eraser's 32 erases choice, I could do that every single day for 85 years. :)

I'm not sure of you're point about the wear leveling? Is that a problem?
 

GHall

New Member
Wear leveling and using ERaser on Flash

Yes it is a problem. The flash controller thats in the card will determine exacly what sectors of physical flash are written to. For example, say eraser is used with 7 passes to "overwrite" a particular sector of flash memory. The controler can erase the desired sector only once and then spread the remaining 6 overwrites to different physical sectors to spread out the "wear" on the flash drive.
I spoke with a SanDisk rep today and he indicated that they have started to drop support for wear leveling. You are correct about the taking 85 years to reach 1,000,000 erase/write cycles... but only if you write to a sector once a day. There are many functions that write the same file, to the same location hundreds or even thousands of times a day.
SanDisk refers to the flash for these application as hi-rel (High Reliability).

So any flash memory that has wear leveling cannot be gauranteed to be overwritten as many times as you think unless the entire flash is overwritten. Again, if you are truly paranoid about this subject, read " Data Remanence in Semiconductor Devices" by Peter Gutmann. It is a very good summary of how data can be recovered from RAM or Flash, but also illustrates the difficulty that it would take to do so. It has a simplified intro to Semiconductor Physics so you can understand the difference between RAM and Flash memory and why each acts the way it does.

For the super paranoids, use Eraser to write random data 50-100 passes to the ENTIRE Flash disk BEFORE you store any files on it. Read the paper to figure out why. Then, if you MUST destroy the files that were stored on it, Overwrite the entire flash drive with several passes of random data. Any wear leveling could spread the passes out over the entire disk... maybe.

If you are ultranoid, use a belt sander to grind the flash drive to powder. Collect this dust and combine it with the shreddings from your NSA certified paper shredder. Burn the entire collection until it is carbon, then mix the ashes with water and pour down the drain. Anyone that recovers data after that, deserves it.
 

GHall

New Member
FYI.. the 1,000,000 write/erase cycles is typical for High Reliability Flash. I have seen some that quote as low as 10,000 instead.
 

Kythe

Member
I have used Eraser to wipe the content of flash drives before. I use only one overpass (the same issue mentioned above with the limited write cycles of flash memory) which frankly is enough unless someone wants to break open the drive, use fuming nitric acid to remove the flash memory chips and then image them with an electron microscope. And even that technique may not work. It's an operation only a skilled, equipped lab could carry out at considerable cost.

For most people, one pass is enough. If you really need more, then consider destroying the drive (down to the chips themselves) and get a new one. Or use a program like Truecrypt to create an encrypted virtual drive on the flash drive and store all your information in that.
 

Kythe

Member
As far as "wear leveling" is concerned, my understanding is that eraser creates content on the drive (in the form of multiple random files) until it's filled. So it doesn't matter what sectors are chosen by the controller to fill initially: all of them are filled during a pass.

As GHall noted above, that may not be the case when you're not clearing the contents of the entire drive -- thus, wiping an individual file even once may not be possible on a flash drive. I'd be interested in knowing more about that situation.

Anyway, yeah, running a Gutmann would be problematic if you specifically want to flip bits in a controlled fashion. But that technique's designed for hard drives specifically--flash drives shouldn't need special RLL encoding; they can simply store the data. If one wants to run multiple passes on a flash drive (unnecessary, IMHO) then just use pseudorandom data.
 

jim9

New Member
Kythe said:
As far as "wear leveling" is concerned, my understanding is that eraser creates content on the drive (in the form of multiple random files) until it's filled. So it doesn't matter what sectors are chosen by the controller to fill initially: all of them are filled during a pass.
Can anyone else confirm that?
 

Kythe

Member
jim9 said:
Kythe said:
As far as "wear leveling" is concerned, my understanding is that eraser creates content on the drive (in the form of multiple random files) until it's filled. So it doesn't matter what sectors are chosen by the controller to fill initially: all of them are filled during a pass.
Can anyone else confirm that?
This is from the FAQ:

When I erase unused disk space I get a warning saying that the disk is full! Is this normal? What should I do?
When erasing free disk space, Eraser fills your hard drive with temporary files and overwrites them. Therefore, for a short period of time, there will be no space left on your hard drive and Windows warns you about this. You don't have to run Disk Cleanup, and can safely ignore the warning message, because when Eraser is done, it will delete all temporary files it created.
 

jim9

New Member
Sorry for late reply.

That's for hard drives. So does it do the same for flash cards?
 

Kythe

Member
jim9 said:
Sorry for late reply.

That's for hard drives. So does it do the same for flash cards?
Well (again, to the best of my knowledge), Eraser sees a drive to fill up and creates files of random characters until it's full. It stands to reason that the function is carried out in the same way on anything that appears to be a drive.

I would think you could test this function with file recovery/raw disk viewing software.
 
Top