Securely erasing flash media

[webfork]

So a lot of what this site works on is often assume to be written to Flash media, which has unique storage issues over magnetic drives including power consumption, fragmentation (doesn't matter), and now shredding files. Essentially the issue is that flash drives have a lifetime that is dependent on how many writes (evidently reads are more or less unlimited) are done to the drive, so any tool which wipes files is reducing the life of their media.

Easy answer is of course encrypt the drive from the beginning, but outside of that, what is there?

• Lenovo has a utility they provide on their website for Intel SSDs, which will "erase all contents of the Solid State Drive in a minute." I definitely want to know how that works and how I can get it for other flash media drives.
• Kingston lists a utility:
  http://www.kingston.com/us/community/ar ... ticleid=10
• Arch Linux talks about something that seems similar.

ArsTechnica also talks about this:
http://arstechnica.com/security/2011/03 ... ssd-drive/

Any ideas?

[joby_toss]

Try SDelete: http://technet.microsoft.com/en-us/sysi ... 97443.aspx

We also have WipeDisk in the DB: http://www.portablefreeware.com/index.php?id=1356

And I believe Eraser can do it, too: http://www.portablefreeware.com/index.php?id=267

[SYSTEM]

So a lot of what this site works on is often assume to be written to Flash media, which has unique storage issues over magnetic drives including power consumption, fragmentation (doesn't matter), and now shredding files.

Thanks for the link. I didn't know ATA Secure Erase was that unreliable.

Essentially the issue is that flash drives have a lifetime that is dependent on how many writes (evidently reads are more or less unlimited) are done to the drive, so any tool which wipes files is reducing the life of their media.

No, it's not "the issue". The article mentions that the problem is that all ways to wipe data from Flash drives (except physical destruction) are unreliable.

Of course, it's also an issue that overwriting data, in addition to not working, reduces the lifetime of the drive.

Lenovo has a utility they provide on their website for Intel SSDs, which will "erase all contents of the Solid State Drive in a minute." I definitely want to know how that works and how I can get it for other flash media drives.

It is likely ATA Secure Erase, which basically just tells the drive to wipe its content. The fact that Lenovo offers such an utility likely means that they use SSDs which support Secure Erase.

Kingston lists a utility:
http://www.kingston.com/us/community/ar ... ticleid=10

The official website of the utility is here.

Arch Linux talks about something that seems similar.

Here is a better link: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase.

Any ideas?

If you need to wipe data from a Flash drive, I suggest physical destruction.

Try SDelete: http://technet.microsoft.com/en-us/sysi ... 97443.aspx

We also have WipeDisk in the DB: http://www.portablefreeware.com/index.php?id=1356

And I believe Eraser can do it, too: http://www.portablefreeware.com/index.php?id=267

As the InfoWorld article explains, this kind of tools doesn't work with Flash drives.

[webfork]

No, it's not "the issue". The article mentions that the problem is that all ways to wipe data from Flash drives (except physical destruction) are unreliable.

Of course, it's also an issue that overwriting data, in addition to not working, reduces the lifetime of the drive.

Certainly. I should have written that better.

Here is a better link: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase.

Good stuff, thanks.

If you need to wipe data from a Flash drive, I suggest physical destruction.

I still have a hard time with this. I read the article and I get that wiping doesn't quite work, but where are these multiple storage spaces floating above the original data that hide all this erased material? If I install 3 different operating systems on one of these drives, does it keep all three? Part of some?

As the InfoWorld article explains, this kind of tools doesn't work with Flash drives.

The bar for success among security researchers is pretty high. Wiping is still good for most people's security needs -- I'd probably go with zeroing out the drive if concerned about drive life or one of the tools Joby mentioned for something more secure. But yes, for real security, physical destruction isn't odd. I recall the story of one of the people Phil Zimmerman was working with on PGP posted the initial code to the newsgroups and then took his computer drive out back and shot it.

[joby_toss]

So, you're saying that if I have a 2GB drive with some info and I overwrite it with a 2GB file, someone could recover the initial info stored on that usb drive? I can't believe that! I think it's possible only if they're selling 4GB drives as being 2GB and found a way to avoid all system checking methods.
And I bet that data overwritten by Darik's Boot and Nuke for example (YES, it works on connected usb drives, too), can not be recovered in 100 years from now!
The researchers from the University of California said the methods tried failed because SOME data remained intact. What the hell would someone use 2KB of my 71KB KeePass database for? The information would be all corrupted and shit... I don't find the need to shoot my drives yet. But I'd like to take a shot at the person that tries to recover some of my data...

[SYSTEM]

If you need to wipe data from a Flash drive, I suggest physical destruction.

I still have a hard time with this. I read the article and I get that wiping doesn't quite work, but where are these multiple storage spaces floating above the original data that hide all this erased material? If I install 3 different operating systems on one of these drives, does it keep all three? Part of some?

Flash drives are overprovisioned (see http://en.wikipedia.org/wiki/Write_ampl ... ovisioning), i.e. contain more storage than is logically addressible. As a result, if you overwrite all logical sectors, the drive still contains remnants of the old data in blocks that you didn't overwrite.

If you install three operating systems into the same Flash drive, the drive keeps the last OS and some individual sectors from the second one.

So, you're saying that if I have a 2GB drive with some info and I overwrite it with a 2GB file, someone could recover the initial info stored on that usb drive? I can't believe that! I think it's possible only if they're selling 4GB drives as being 2GB and found a way to avoid all system checking methods.
And I bet that data overwritten by Darik's Boot and Nuke for example (YES, it works on connected usb drives, too), can not be recovered in 100 years from now!
The researchers from the University of California said the methods tried failed because SOME data remained intact. What the hell would someone use 2KB of my 71KB KeePass database for? The information would be all corrupted and shit... I don't find the need to shoot my drives yet. But I'd like to take a shot at the person that tries to recover some of my data...

Indeed, if you're not worried about an attacker getting a kilobyte or two, full disk wiping is secure, but sometimes way too slow. With four of the eight drives the researchers tested, overwriting the drive once with sequential data took 58 hours or more (140 hours with the slowest drive).

[joby_toss]

http://hddguru.com/software/HDD-LLF-Low ... rmat-Tool/

This was just posted on Softpedia: http://www.softpedia.com/get/System/Har ... Tool.shtml

· Supported interfaces: S-ATA (SATA), IDE (E-IDE), SCSI, SAS, USB, FIREWIRE
· Big drives (LBA-48) are supported
· Supported Manufacturers: Maxtor, Hitachi, Seagate, Samsung, Toshiba, Fujitsu, IBM, Quantum, Western Digital, and almost any other not listed here
· The program also supports low-level formatting of FLASH cards (SD, MMC, MemoryStick and CompactFlash) using a card-reader

Free for personal/home use (speed is capped at 180 GB per hour which is 50 MB/s)

This HDD Low Level Format utility is free for home use. It can erase and Low-Level Format a SATA, IDE, SAS, SCSI or SSD hard disk drive. Will also work with any USB and FIREWIRE external drive enclosures as well as SD, MMC, MemoryStick and CompactFlash media.

Great warning message:

WARNING: After running this low level format tool, the whole disk surface will be erased.
Data restoration is impossible after using this utility!

Note: forgive me if I don't test this for portability!

[webfork]

I still have a hard time with this. I read the article and I get that wiping doesn't quite work, but where are these multiple storage spaces floating above the original data that hide all this erased material?

Flash drives are overprovisioned (see http://en.wikipedia.org/wiki/Write_ampl ... ovisioning), i.e. contain more storage than is logically addressible. As a result, if you overwrite all logical sectors, the drive still contains remnants of the old data in blocks that you didn't overwrite.

Cool - thanks for that.

[webfork]

Old thread update:

If you own a Samsung device, you can run some software to trigger the built in wipe system:
http://www.softpedia.com/get/System/Har ... cian.shtml

I thought low level formats would do the trick using tools like this program but Wikipedia notes that many hard drives may not have this capability anymore.

[SYSTEM]

I thought low level formats would do the trick using tools like this program but Wikipedia notes that many hard drives may not have this capability anymore.

As Wikipedia mentions, there is terminology confusion here.

The present ambiguity in the term low-level format seems to be due to both inconsistent documentation on web sites and the belief by many users that any process below a high-level (file system) format must be called a low-level format. Since much of the low level formatting process can today only be performed at the factory, various drive manufacturers describe reinitialization software as LLF utilities on their web sites. Since users generally have no way to determine the difference between a complete LLF and reinitialization (they simply observe running the software results in a hard disk that must be high-level formatted), both the misinformed user and mixed signals from various drive manufacturers have perpetuated this error.

Your first link only shows a way to fill the drive with zeroes, nothing more.

[webfork]

there is terminology confusion here

Thanks for that -- should have looked closer.