Erasing USB key Drives

Becquet

New Member
Hi, I'm new and I apologize for my English.

I have a problem with Eraser 6.0.6.1376.

I've ever used it to erase unused space on my USB key Drive EMTEC 4GB with various standards without any problem.

The fact is that I can't erase unused space on my USB key now, I've immediately "completed with errors" and "not queued" when I run the task, of course, I've tried with several erasure standards.

At this moment, I'm erasing unused space on my USB key Drive with Eraser 5.86.1 and it works (Gutmaan method).

My OS is Windows 7 Home Premium 64-bit and my USB key uses FAT32.

Thanks.
 

DavidHB

Active Member
Firstly, I suggest that you upgrade to the newly released Eraser 6.0.7, which contains a significant number of bug fixes, including (probably) fixes for at least some of what you are seeing.

Secondly, Eraser 6 reports in a somewhat different way to Eraser 5; that is it does flag as errors things that were simply reported in Eraser 5. This behaviour has been toned down in the recent release, but there are still some "errors" which , in my opinion, should be reported as information only; at present, any free space wipe will only be completed with errors if the drive contains protected system files or folders, such as System Volume Information, which Eraser is not permitted to access. You can check for yourself what the errors are by looking at the Task Log (right-click on the task in the task pane, then select "View Task Log"). If all the errors relate to system files, you don't have a problem. These issues in any case only tend to arise if you erase cluster tips, because that is when Eraser tries to write to files which the OS will not allow it to access.

The words "not queued" do not indicate an error. They simply indicate, for a task that is to be run manually, that no time has been set for the task to be run.

Hope this helps.

David
 

Becquet

New Member
Task Log.

" Error The program does not have the required permissions to erase the unused space on disk. Run the program as an administrator and retry the operation. "

What should I do ?

Thanks.
 

catmouse

New Member
So i need too use TrueCrypt now, because it's impossible to overwrite the files.
So do someone have a good tutorial for newbies to put a truecrypt volume on a stick?

And do i need to install truecrypt on others computers, if i install it on the stick?
 

DavidHB

Active Member
If you read through this lengthy thread, you will find that files will be erased if you delete them (or format the drive) and then wipe all the free space on the stick, though you should not do that too often because of the wear factor.

Details of Truecrypt are at www.truecrypt.org. The documentation includes a tutorial for beginners.

David
 

catmouse

New Member
DavidHB said:
If you read through this lengthy thread, you will find that files will be erased if you delete them (or format the drive) and then wipe all the free space on the stick, though you should not do that too often because of the wear factor.

Details of Truecrypt are at www.truecrypt.org. The documentation includes a tutorial for beginners.

David


Ah, i thought that it was impossible to remove the files from the stick.
So one pass with the wipe free space is enough to remove the data?

Because i will give this to my family members, and i had some information on it before, that i don't want that they find.
I tested with format and wipe the free space, and now it seems that i can't find them with Recuva or getdataback. So it's good enough for me.

Now i only need to truecrypt it. But thanks for the help.
I hope i can find a good newbie movie on Youtube.
 

DavidHB

Active Member
catmouse said:
So one pass with the wipe free space is enough to remove the data?
Yes. And you don't need Truecrypt for a stick you are giving away.

David
 

bob768

New Member
Reading this, I don't quite understand why the wear leveling is a problem for Eraser. Each logical sector corresponds to one physical sector, right? So if eraser overwrites the logical sectors containing a file, and the drive's logic decides to remap the logical sectors, the data will be written to different physical sectors. However, the data which used to be contained in those physical sectors must be saved, so it will be moved to the physical sectors previously containing the file, thus overwriting the file, right?
 

DavidHB

Active Member
I think that the point is that the wear levelling logic (which is inaccessible to the OS and therefore the user) arranges things in such a way that, when writing but obviously not when reading, a given logical sector does not always correspond to the same physical sector. Thus, by writing to the logical sector (to erase the file), you will probably not be writing to the physical sector where the data to be overwritten actually resides. Of course, if you delete the file and then wipe all free space on the drive, you should overwrite the data one way or another, but, as flash drive technology only allows a limited number of writes (hence the need for wear levelling), this should not be done too often.

David
 

Traum

New Member
Stumbled across this thread while I was browsing through the forum, and it got me thinking how Eraser would work with SSD that have enjoyed increasing popularity. I suppose the same principles applies to those as they do with USB flash drives?

That is to say, Eraser and other file shredding software will be ineffective against the likes of these SSD storage devices because of the wear-balancing algorithms?
 

Joel

Active Member
Yes. However, if files are larger than the sector size, it is likely that no useful information can also be recovered. In any case, erasing all unused disk space (save the space which SSDs keep) should also remove old data, as should disk utilities which issue TRIM.
 

john123

New Member
very interesting... As I understand, even using a sector level based overwiting tools would not make sure that all blocks/sectors of an USB memory sticks are erased/deleted :(

Question
Are the cells occupied by the old data accessible from the operating system and therefore, should it be possible to find artifacts with the search term [^\x00] ?


Thanks a lot for any feedback.

John
 

DavidHB

Active Member
The answer to your question (and sorry I did not spot your post sooner) is that the wear levelling mechanism sits below the file system and it is inaccessible to it; as far as I know, it is implemented in firmware on the flash drive. The (entirely intended) result is that any given logical address in the file system does not (for write purposes) map consistently to one given physical location on the drive. This is why sector erasing does not work.

Any sector by sector read of the drive using a suitable hex editor will read (and, if it has the capability, search for) the contents of each sector. But, if you try to write to that same sector, the wear levelling mechanism will direct the write to a different physical location.

There is, by design, nothing the user can do to change this behaviour. All users can do is wipe free space, which temporarily fills all empty sectors, albeit, of course, not in the order in which the file system thinks they are being filled.

Hope this helps.

David
 

PhilipElder

New Member
It seems that when it comes to flash based devices things are as clear as mud.

To make things even more cloudy have a look at the following study:


Even if we blank the drive and then use Eraser to fill all of the "unused" space on that flash based drive there may be remnants located in other areas of the drive as per the above study. This looks to be due to the way the flash drive protects the chips from excessive wear (see page 3+).

Full drive encryption is looking like it is going to be the only way we can guarantee that data is safe on any SSD based device.

Philip Elder
 

DavidHB

Active Member
PhilipElder said:
Full drive encryption is looking like it is going to be the only way we can guarantee that data is safe on any SSD based device.
I am most grateful for your posting the link to a very clearly argued paper, and I agree with the conclusion you draw from it, at least (and this is a point made by the authors of the paper) in so far as it relates to current technology. The authors do point out that the technology could be developed in particular ways to provide secure erase. They also make the very significant point that, as erasing of encrypted drives is not verifiable, there is no way the user can be sure that the erased data is non-recoverable if the encryption key is compromised (which, given the history of decryption, is a likely outcome at some point).

The only comfort for me in all this is that the authors of the paper had to use sophisticated, high-value techniques (including physical dismantling of drives) to recover data. I conclude that, for instance, using Eraser to erase free space on an SSD will make deleted files non-recoverable through the file system. In the real world, therefore, only high value targets (e.g SSDs used in a financial applications server) will be worth the effort the attacker would have to use to compromise the data, and it is reasonable to assume that such drives will be encrypted in any case.

For ordinary mortals, using Eraser before disposing of an SSD or otherwise letting outsiders examine it will significantly reduce (but not eliminate) the danger of compromise. This means that, as SSDs are increasingly used in SOHO environments, users will need to ensure that, so far as possible, sensitive data is stored on magnetic rather than solid state media, at least until SSD (and hybrid drive) manufacturers implement verifiable secure erase techniques. We seem to be at the same stage of development of SSDs that hard drives were in when Gutmann wrote his famous paper in the mid-1990s.

David
 

PhilipElder

New Member
DavidHB said:
PhilipElder said:
Full drive encryption is looking like it is going to be the only way we can guarantee that data is safe on any SSD based device.
I am most grateful for your posting the link to a very clearly argued paper, and I agree with the conclusion you draw from it, at least (and this is a point made by the authors of the paper) in so far as it relates to current technology. The authors do point out that the technology could be developed in particular ways to provide secure erase. They also make the very significant point that, as erasing of encrypted drives is not verifiable, there is no way the user can be sure that the erased data is non-recoverable if the encryption key is compromised (which, given the history of decryption, is a likely outcome at some point).
David

David,

You are welcome.

We have a bin of hard drive platters since we purchased the most expensive drill bit we could get our hands on and still could only dimple the platters. We do dismantle them. For those clients that are conscious about their storage devices and data, and we have many that are, we will make sure to destroy the SSDs and flash drives as a rule.

And I agree with the need for SSD manufacturers and OS developers to get together to provide at least some sort of command set or utility that will allow us to flip _every_ switch in the SSD to zero.

Philip
 

DavidHB

Active Member
The only way I have found to destroy HD platters is with a club hammer and cold chisel. Messy.

David
 

Joel

Active Member
Yes... I'm surprised manufacturers bother affixing "Fragile" labels to HDD shipments.
 

rbeede

New Member
So the summary would be as follows for USB/SSD:

1. Eraser can wipe free space on USB/SSD since it fills the entire drive

2. Eraser cannot confidently wipe a single file (suppose you right click and choose erase) on a USB/SSD since the drive might leave the old data in a different sector


Is this correct?
 
Top