Report: Reliably Erasing Data from Flash-Based Solid State

DavidHB

Active Member
Re: Report: Reliably Erasing Data from Flash-Based Solid Sta

I'm not a developer, and, with other commitments, Joel hasn't posted here for a while. Any erasing program that works through the file system will not be able to erase individual files and folders on SSDs and flash drives, because the wear levelling system is invisible to the file system. Erasing free space does, however, work, because all the available space is overwritten.

The industry seems to favour the use of drive encryption to favour security, and claims that just changing the encryption key in effect erases the whole drive. But that still does not allow individual file erasure. Ordinary users should probably take care to save sensitive data to magnetic media.

David
 

Joel

Active Member
Re: Report: Reliably Erasing Data from Flash-Based Solid Sta

I think this has been covered many times: viewtopic.php?f=2&t=1568

In short, using the unused space erasure should give sufficient security for most users (but as David pointed out in another post, security is dependent on many factors, and everyone's risk factors/risk tolerance differs). I do not depend only on FDE, as a key compromise or a breaking of the algorithm is possible (most implementations use AES nowadays, which is fast and good, but as it approaches its 10th birthday I'm starting to wonder how long its shelf life will be?), and I think erasure will have to work together with FDE to ensure data is kept safe.

When in doubt, sledgehammer.
 

ForensicsGuy

New Member
Re: Report: Reliably Erasing Data from Flash-Based Solid Sta

Joel said:
I do not depend only on FDE, as a key compromise or a breaking of the algorithm is possible (most implementations use AES nowadays, which is fast and good, but as it approaches its 10th birthday I'm starting to wonder how long its shelf life will be?), and I think erasure will have to work together with FDE to ensure data is kept safe.
Absolutely correct. FDE is one line of defence. Good data hygiene is another.
 