Erasing USB key Drives

The theory behind erasing the free space of drives is identical regardless of drive medium, overwrite and clear. This theory seems to hold up with magnetic media and optical media, but for flash media the guarantee seems a little shaky due to "wear levelling" mechanisms which attempt to spread out the write load across all cells. This, in my opinion, is no better than a hard drive. If your HDD has got bad sectors, there's nothing anyone can do to coax your OS into writing stuff there.

As to spreading information all over the flash device, it will be no different because Eraser will fill the entire drive anyway, or at least all that it can get its hands on (save the OS). Problems will only arise when cells cannot be written to, like I've said earlier in the case of traditional magnetic media of which there is no solution currently.

I don't think that Eraser's security has been compromised as of now. There may be reports of people recovering files after an erase but none of the support team members were able to get a useful reproducible case and replicating it.

Joel
 
Joel said:
The theory behind erasing the free space of drives is identical regardless of drive medium, overwrite and clear. This theory seems to hold up with magnetic media and optical media, but for flash media the guarantee seems a little shaky due to "wear levelling" mechanisms which attempt to spread out the write load across all cells. This, in my opinion, is no better than a hard drive. If your HDD has got bad sectors, there's nothing anyone can do to coax your OS into writing stuff there.

As to spreading information all over the flash device, it will be no different because Eraser will fill the entire drive anyway, or at least all that it can get its hands on (save the OS).
Click to expand...
A very interesting discussion. However, I'm not so sure that erasing unused space is the same as filling a drive and then erasing it. or at least it doesn't seem to do this on my system (Eraser 5.86.1 Win XP Pro SP3).

If I erase unused disk space on my empty 1 Gb USB key ("DiscGo") it takes about twenty seconds to complete.

But, on the other hand, if I fill the drive manually to capacity by copying files onto it, then select the files and "Erase" them, it takes about five minutes to complete.

It seems to me that twenty seconds is too quick to fill the drive and erase everything on it. Maybe it's doing something different instead?

Steve
 
I don't know how much disk space is used on your key, but assuming it's half used, at 0.5GB, to completely erase the drive in 20 seconds means that your key is writing at a throughput of 25.6 MB/s. That's not phenomenally high but still a little on the high side (so maybe your drive isn't that empty, or your drive is new. 10MB/s for a standard USB key isn't unheard of.)

If you were to copy files and erase them, though, Eraser's default is to erase the file 35 times, so it should take 35 times longer to complete the erasure. The multiple passes takes a much longer time to complete, roughly the product of how long your one-pass unused space erasure will take by the number of passes. (the defaults will take about 12 minutes if your USB key scales linearly)

Joel
 
Thanks for the reply. I think I have my default erasing options to be set to one pass pseudo-random and my free space erasing to the same, but I might have mixed up the options.

I notice though, that my free space erase does not have "Cluster tips" selected, whereas for erasing files it does. Maybe that accounts for much of the difference in erasing time?

I'll have another look at this.

Thanks
Steve
 
Cluster tips only constitute the last cluster of the file, which usually is less than 4KB per file but it does add to the time required for the overall erasure because every file has to be opened, erased, restored and then closed. That probably explains it.

Joel
 
Hi,

just found this interesting thread. Did I get it right, that it isn't possible to securely erase flash drives, neither with eraser nor with other tools?

Thanks in advance!

chrisk
 
chrisk said:
just found this interesting thread. Did I get it right, that it isn't possible to securely erase flash drives, neither with eraser nor with other tools?
Click to expand...
My file recovery program (Pandora) can see just a few file names and jibberish, all unrecoverable. I'm satisfied it's secure.
 
GregM said:
chrisk said:
just found this interesting thread. Did I get it right, that it isn't possible to securely erase flash drives, neither with eraser nor with other tools?
Click to expand...
My file recovery program (Pandora) can see just a few file names and jibberish, all unrecoverable. I'm satisfied it's secure.
Click to expand...

Thank you Greg. That's fine! How often do you have to overwrite and which algorithm did you use?
 
About once monthly I right click the flash drive(s) and erase with a single pass. If, over time, Pandora shows too many sensitive files not fully overwritten I run a free space erase, single pass. If my paranoia level is slightly elevated when erasing a single file I rename it with senseless letters and numbers, like dragging my finger across the keys . . (werty4567) . . beforehand.
 
Hi,
It may be off topic but I have a USB hard drive (Lacie-500GB, FAT system, with close to 400GB free space)
after 5hrs and 30min using Eraser to erase free space using 1 pass, I can recover tons of deleted files by Recuva software fast scan ( over 80K files...)
in perfect condition.
Is Eraser working on a large USB external harddrive in FAT file system?
Thanks
 
These files which are still intact - are they DLLs EXEs and system files? If so, it's normal.

Joel
 
Please be forgiving if I've completely got this wrong....

I've done some testing with recovery programs like Rescue Pro - it looks like overwriting the whole of a USB drive several times generally clears whatever is on it, though I'm not sure if this is just because the odds are in favour of the USB's wear-levelling allowing enough of the old files to be overwritten to make them undetectable. This isn't necessarily the same as overwriting the whole drive and definitely destroying all remnants of the previous data. I’m not clever enough to check this in more detail, but as I understand it there is always a possibility someone may be able to recover data fragments from an “erased” USB stick because wear levelling means it is unlikely absolutely all areas of a stick get to be overwritten when erase programs are run on it, or the stick is reformatted. I've spent ages trying to find a program that guarantees it will securely overwrite an entire USB stick, but the problem seems to be wear-levelling means this cannot be guaranteed, and of course even if someone does guarantee it, who knows….

I use USBs to move data between computers, and it would be a pain to have to work around this. So I’ve hit on this way of being sure everything on my USBs gets overwritten at least once, which as I understand USB memory should be enough to thwart most attempts at recovery.

1. Use truecrypt to create an encrypted volume on your hard drive as close as possible to the size of the USB stick (or perhaps 1,2,3 etc GBs).

2. Change the suffix on the encrypted file’s container to .iso, if it isn’t this already.

3. (This step is probably only for the paranoid...). Use truecrypt to mount the encrypted .iso file, so you have a truecrypt volume which should show in explorer as entirely empty. Use eraser (or any other erasing program) to securely erase the free space on the encrypted volume by writing random data to it. Dismount the encrypted volume.

4. The encrypted volume is now simply an iso file full of completely random data. Copy it to the usb drive. Copy it again and again to the USB drive (renaming it each time) until no more copies of the iso file will fit (eg if the USB stick is 4GB, you will be able to copy a 1GB iso file only 3 times).

5. Use windows explorer to ascertain the exact amount of free space left on the USB drive.

6. Create another encrypted volume the exact size of the free space, or as close to it as possible, set the suffix to iso, (mount it, fill it with random data, dismount it), copy it to the usb.

7. Use explorer again to see if there is any free space left on the USB. If there is, repeat step 6 or copy a small file of rubbish data to it or (assuming the space is negligible) use eraser to write random data to it several times so that even with wear levelling every memory cell left gets overwritten.

8. With the USB stick as full as possible with encrypted iso files, and any titbits of storage space filled with junk data or otherwise erased, delete the iso files from the usb using explorer (or if you are still paranoid, use eraser to “overwrite” them, although they may not be fully overwritten…..). You can keep the iso file(s) on your hard drive for future use.


Job done. Not as quick as using erase software alone, but I think safer and more certain.

Would welcome any comments on whether or not this is a sure method of erasing an entire USB stick. The advantage I see is that you know for sure the entire drive, all but perhaps a few bits, gets completely overwritten.
:D
I
 
Actually that's exactly what Eraser does during a free space erase... Anyway.

Step 3 is technically not necessary as when you format your TC partition it is initialised with random data.

Joel
 
One possible solution to this issue could be to create multiple or single encrypted volumes (virtual container/drive/partition) on your USB pen drive, then just erase the volume. This should mean the volume and any of it's contents will not be recoverable.

You can create volumes with the likes of:

TrueCrypt

http://www.truecrypt.org

Rohos (files can be accessed without Admin rights)

http://www.rohos.com

LockNote

http://locknote.steganos.com/

and other similar software.
 
Hello,

today I googled a lot to find a solution to erase old data from USB drives. The reason is I erased unused space on a 2 GB USB drive two times (each time 1 pass pseudorandom method with cluster-tip erase) and after that I was able to recover a lot of files with Rescue Pro. This program came with one of my USB-Drives. I used erase v. 5.8.7, it took very long- not sure, maybe 30 minutes for ~300 MB free space ~ thats mainly because of erasing cluster tips. without cluter tip erase it took about one minute. but as I already wrote, files where able to be recovered. The filenames looked random like, but the data inside where old files I had deleted long time ago - no pesudorandom data inside of the files! The explanation for this is probably that the erasewr-data is spread all over the drive, as one of the thread-members said at the beginning of this thread.

But Joal the dev said, it would be possible to erase unused space (if I understood right? ~ It's late, i'm tired and i'm not native english :? )

Does the actual v. 6 of eraser safely erase unused disk space of USB-drives? I installed V6 and startet a run but after 15 minutes the progress-bar had just moved 2 bars!!! the v6 seems to be extremly slow (at least on usb - have not tried HDD now) .... why? I took 1 pass pseudorandom like before.

Is there no way to choose if cluster tips should be erased anymore? I could not find a check box in setting of V6.

Lots of questions I know but I think aswer to it would be a great solution to this topic and many people might be interested.

Thanks very much

Robert from Berlin (yes, the one! :D )
 
(not targeted at Linuraser) Let me clear this up (once and for all) the checkbox which (quite a few) people are not seeing is right under your nose.

v6 does. There is no reason currently to believe otherwise. You need to remove all other copies of data on the drive: places like the Volume Shadow Copies (aka System Restore) are obvious culprits, as well as other temporary files.
 

Attachments

  • Select Data to Erase.png
    33.8 KB · Views: 4,414
You must log in or register to reply here.
Back
Top