Erasing USB key Drives


Postby freestyle » Thu Jan 05, 2006 2:51 am

There seems to be a serious misunderstanding about the way USB drives work on this forum which can lead to security risks. Virtually every post I've seen on the subject here states that USB drives can be securely erased using eraser "because they are magnetic." However, that's simply not the case.

USB drives use wear-levelling algorithms - sort of a low level file format that resides in the key and is lower level than the operating system's file system. Whenever a file is written to the USB key, it distributes the file in a pseudo-random fashion across the key's memory cells so that no one cell gets written too many times. This extends the operative life of the key because any one memory cell has a limited number of writes before it dies. Therefore, since Eraser essentially writes files full of random data a certain number of times, there is no way of knowing if the particular data you wanted "erased" has in fact been overwritten even once.

Take for example, a popular version of wear-leveling in USB keys found in TrueFFS. Their site states: "When a file needs to be updated, TrueFFS (through NFTL) does not overwrite the old data. Instead it writes it to unused blocks and directs subsequent read accesses to these blocks. The old data will be marked as "old", and will not be erased until the block has to be reused."

Even doing a complete wipe of a key doesn't guarantee that you'll overwrite every cell in the USB key! Therefore, if security is really at issue and you want to secure your USB key, I advise that you use an encryption program, such as Truecrypt. In that case, all the memory is at least encrypted.

Therefore, in short, don't rely on "erasing" a USB key for security. It won't do the job. Instead put your data in an encrypted volume on the key or encrypt the entire USB key. Some good discussion of this issue can be found at: http://forums.truecrypt.org/viewtopic.php?t=1702

Encryption of your USB key also offers another benefit over "erasing." Encrypting your USB key instead of "erasing" also reduces the wear on the key's memory cells from repeat file writes during "erasure" of the USB key.

Cheers.
freestyle
 
Posts: 4
Joined: Thu Jan 05, 2006 2:07 am

Postby Glenn » Fri Jan 06, 2006 12:03 am

I know USB flash memory is not magnetic (so multiple passes won't help) but if Eraser is:

1. erasing a specific file by overwriting; or

2. erasing unused space by filling an entire drive with random data;

why wouldn't deleted data be wiped?
Glenn
 
Posts: 68
Joined: Sat Oct 29, 2005 1:40 am

Postby freestyle » Fri Jan 06, 2006 12:18 am

The problem lies in the fact that it is not "overwriting" the file. When you save a new copy of a file over an old copy of the file in a USB drive, it doesn't overwrite the cells that the old copy occupies. Instead, it marks those cells as available (but the contents still remain) and then writes the new copy to other cells and updates the FAT to indicate where the new data is being written. Therefore, Eraser doesn't actually write over the old file with its new file because the USB key drive redirects the writes to random cells, not the cells that your data originally occupied. Your old data is still there, just marked "available" so the OS recognizes it as free space.

I'm beginning to change my mind about the full-drive erase though. My understanding of how eraser does the full drive erase is it completely fills the drive with files that contain random data and after the drive is completely full, it deletes those files. If that's the case then a full erase might effectively erase the USB key drive because each cell will be occupied with random data.
freestyle
 
Posts: 4
Joined: Thu Jan 05, 2006 2:07 am

USB Erasure

Postby freestyle » Fri Jan 06, 2006 12:39 am

In other words, to truly "erase" any given file on a USB key drive, the program doing the erasing would have to interact directly with the low-level routine of the USB key drive so that the memory cells that contain the copy you want to erase can be written to directly.
freestyle
 
Posts: 4
Joined: Thu Jan 05, 2006 2:07 am

Postby Glenn » Fri Jan 06, 2006 5:31 am

I'm not saying you're wrong but a couple of observations:

1. If I delete a very large file on my 1GB USB flash memory, it's virtually instant (since it is just updating the FAT). But if I use file Erase, it can take over 2 minutes (which seems consistent with the 7MB/sec write speed of the device). Are you saying Eraser is just blindly writing to the media but not necessarily over the correct area?

2. I have recovery software that easily recovers deleted files but it can't recover Erased files on my USB flash memory.
Glenn
 
Posts: 68
Joined: Sat Oct 29, 2005 1:40 am

Postby freestyle » Fri Jan 06, 2006 8:26 am

Glenn wrote: 1. If I delete a very large file on my 1GB USB flash memory, it's virtually instant (since it is just updating the FAT). But if I use file Erase, it can take over 2 minutes (which seems consistent with the 7MB/sec write speed of the device). Are you saying Eraser is just blindly writing to the media but not necessarily over the correct area?

Yes. Erase works at the OS's level, not at the USB key's level. A file erase using eraser will randomly write to cells on the USB key because of the wear-levelling the USB key does once it receives the "write" command from the OS. What cells get written to are not dependent on the OS's write command but on the algorithm used by the USB key.

Glenn wrote: 2. I have recovery software that easily recovers deleted files but it can't recover Erased files on my USB flash memory.


That's because the USB key says that the old cells are "available" for rewrite (effectively telling the OS there's nothing there) - your program doesn't have access to the USB key's logic. If someone were able to access the USB key's logic (which I'm sure the manufacturer or a sufficiently sophisticated hack could), then the old copy (or what's left of it after random parts have been overwritten by the multiple random writes done by eraser) could be accessed. The only secure USB key is an encrypted one.
freestyle
 
Posts: 4
Joined: Thu Jan 05, 2006 2:07 am
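
The behaviour freestyle describes above, as an added illustration that is not part of the original thread: a toy wear-levelling layer in which a file-level overwrite, and even one fill of every logical block, leave the old data in a physical page that the host can no longer read. The class `ToyFTL`, its page counts and the sample data are constructed assumptions; it does not model TrueFFS or any real controller.

```python
ERASED = None  # marker for a flash page that holds no data

class ToyFTL:
    """Constructed toy flash translation layer; not TrueFFS or any real controller."""

    def __init__(self, logical_blocks, spare_pages):
        if spare_pages < 1:
            raise ValueError("model needs at least one spare page")
        self.logical_blocks = logical_blocks
        self.pages = [ERASED] * (logical_blocks + spare_pages)  # physical cells
        self.mapping = {}  # logical block number -> physical page index

    def write(self, lbn, data):
        """Host write: always lands on a free page, never on the old one."""
        if not 0 <= lbn < self.logical_blocks:
            raise IndexError("logical block out of range")
        if ERASED not in self.pages:
            self._garbage_collect()
        page = self.pages.index(ERASED)
        self.pages[page] = data
        self.mapping[lbn] = page  # previous page is now stale but still holds data

    def _garbage_collect(self):
        """Erase stale pages only when the controller runs out of free ones."""
        live = set(self.mapping.values())
        self.pages = [p if i in live else ERASED for i, p in enumerate(self.pages)]

    def host_view(self):
        """What the OS, a hex editor or recovery software can read."""
        return [self.pages[self.mapping[b]] if b in self.mapping else b""
                for b in range(self.logical_blocks)]

    def chip_view(self):
        """What reading the flash chip below the controller would show."""
        return list(self.pages)

def demo():
    secret = b"SECRET"  # constructed sample data
    ftl = ToyFTL(logical_blocks=8, spare_pages=2)
    ftl.write(3, secret)          # save the file
    ftl.write(3, b"random-pass")  # file-level "erase" of the same logical block
    after_file_erase = (secret in ftl.host_view(), secret in ftl.chip_view())
    for b in range(8):            # fill every logical block once
        ftl.write(b, b"fill")
    after_fill = (secret in ftl.host_view(), secret in ftl.chip_view())
    return after_file_erase, after_fill

if __name__ == "__main__":
    print(demo())  # (host sees secret, chip holds secret) after each step
```

In this model a further write pass exhausts the free pages, forces garbage collection and erases the stale page; when a real controller reclaims stale pages is not visible from the host side.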

Postby EraseTheTrace » Thu Jan 12, 2006 5:16 pm

I just ran my own test, BUT I only deleted the file, and I WAS able to recover it.

According to your logic this shouldn't even be possible.
EraseTheTrace
 
Posts: 3
Joined: Thu Jan 12, 2006 8:04 am

Postby sd6 » Sat Feb 25, 2006 2:54 pm

Is this also true for USB MP3 players like Apple's iPod Nano?
sd6
 
Posts: 5
Joined: Sun Feb 19, 2006 2:53 pm

Postby Swifty » Tue Jul 11, 2006 2:07 pm

It will work but your disk will die out quickly.
Swifty
 
Posts: 22
Joined: Fri Nov 14, 2003 5:36 pm
Location: England

Postby Overwriter » Fri Sep 28, 2007 8:11 pm

Hi All. :)

I have read this thread with some interest and I thought I would do my own experiment.

Using a Corsair 256MB Flash Drive I first zeroed the entire drive. Then I formatted it FAT32.

I made a large text file with some readable English text in it. I then saved the text file to the flash drive.

I opened the flash drive with my Hex Editor and took a note of where the file was on the flash drive. I was also able to read the English text.

Using the right click option of Eraser I erased the text file with a single pass random overwrite.

I then reopened the flash drive with my Hex Editor and checked the sectors I had previously taken note of. They had been overwritten with what appeared to be a DLL file. This is a feature of Eraser 5.84 that after a random wipe Eraser then selects a random DLL and copies it to the erased location in an effort to disguise the fact erasing had taken place.

I checked the entire flash drive for any data and I was unable to find any.

So it would seem for me that Eraser works ok on Corsair flash drives. This may be something to do with the capacity of the flash drive or the way Corsair works. I guess the only thing to do is to test the flash drive you are currently using with a varied number of test files of different sizes to make sure.

Remember safety first !
Overwriter
Eraser DevTeam
 
Posts: 1068
Joined: Wed Nov 15, 2006 4:48 pm

Postby douche.fun » Sun Oct 14, 2007 9:21 pm

I thought it wrote over data in a pattern... Not randomly.
douche.fun
 
Posts: 1
Joined: Sun Oct 14, 2007 9:15 pm

Postby Overwriter » Mon Oct 15, 2007 7:56 pm

Hi douche.fun :)

I am a bit worried about your username ! :?


You can select how Eraser overwrites data. You can even make your own patterns.

I usually choose a random pass.
Overwriter
Eraser DevTeam
 
Posts: 1068
Joined: Wed Nov 15, 2006 4:48 pm

Postby Bugles » Tue Nov 27, 2007 2:37 am

I am researching do-it-yourself bootable flash drives, (namely Damn Small Linux) and I want to use an old 512 flash drive. I also would prefer the contents erased by a good program like eraser. So, I have some questions after reading this post:

Overwriter, I do not know what you mean by zeroing the drive. (are you talking about low level formatting?) I assume you wrote a large text file, but not a 256MB text file. Was there data on the drive before you reformatted in FAT32?

Anyway, if there was data on the drive before you "zeroed" and reformatted, and you could not find any data after erasing. Then I would say all we need to do is "zero" our drives, and reformat. No need for eraser! You are a genius Overwriter! (sarcasm, if you can't tell)

Anyway, please let me know the answers to the first paragraph questions.
Bugles
 
Posts: 1
Joined: Tue Nov 27, 2007 2:25 am

Postby Overwriter » Fri Nov 30, 2007 12:16 pm

Hi.

Bugles wrote: Overwriter, I do not know what you mean by zeroing the drive.

I used a hex editor to write zeros to the entire drive.

Bugles wrote: Was there data on the drive before you reformatted in FAT32?

Only the zeros written with the hex editor.

Bugles wrote: Anyway, if there was data on the drive before you "zeroed" and reformatted, and you could not find any data after erasing. Then I would say all we need to do is "zero" our drives, and reformat.

You could do that but it would mean when you wanted to erase a 1KB text file you would have to copy all the data you wanted to keep from your flash drive and save it to another disk then zero and format the entire flash drive which could now be as much as 16GB ! Then copy all your data back to the flash drive.

Bugles wrote: No need for eraser!


Unless you want to go through the procedure in the paragraph above then you do need Eraser, or a hex editor.
Overwriter
Eraser DevTeam
 
Posts: 1068
Joined: Wed Nov 15, 2006 4:48 pm

Erasing USB Keydrives

Postby eskdaleman » Thu Dec 06, 2007 2:23 pm

Glenn wrote: I have recovery software that easily recovers deleted files but it can't recover Erased files on my USB flash memory.


I have exactly the opposite experience. Using oo-software Unerase most of the images I had erased on a USB drive were recovered and readable by Paint Shop Pro. Some had been corrupted, probably because they had been deleted some time ago and before the drive had been re-used several times. I erased them again, and recovered them again easily. I then used the 'erase unused drive space' option and that did the trick.
Thanks to others on this forum I have been alerted to the risk on USB drives. :)
eskdaleman
 
Posts: 1
Joined: Thu Dec 06, 2007 2:10 pm
