[Im]Practical Disk Wiping for SSD’s

##########################
DANGER WILL ROBINSON!

This post specifically speaks to solid-state drives (aka SSD).
See my previous post for traditional, mechanical, spindle-based hard drives.
I’m not data recovery or security expert so feel free to take this with a grain of salt.

##########################


A while back I wrote about the process I use for wiping my mechanical or spindle-based hard drives.  That process was specific to those ‘traditional’ hard drives because of the way they work and was not meant for SSD’s.  So today, we’ll cover some options for wiping SSD’s.

Please Don’t 9 Pass Wipe Your SSD.  Please. Srsly.

Securely wiping SSD’s is something of a tough subject because SSDs are completely different from mechanical drives.  Wiping them properly is challenging for a variety of reasons which I won’t get into, but just know that doing a 3, 9 or 35 pass wipe on your SSD will (a) not guarantee the data has been wiped and (b) will likely severely reduce the lifespan of your SSD.  I encourage you to research this further via the keyword: Flash Translation Layer.

No matter how you slice it:

  • whether you’re using a trusted solution from a trusted source, OR
  • relying on the built-in commands set by the manufacturer

It all boils down to:

  1. whether or not the SSD manufacturer implemented those special commands properly, AND
  2. whether or not the data was only stored in areas that are able to be reliably sanitized

How Should One Wipe an SSD?

Your best bet is to reach out to the manufacturer of your SSD to get proper guidance on how to properly sanitize your specific SSD.  After all, they know their devices best … at least they should.  Chances are you have an SSD made by one of these manufacturers below, and they all provide some guidance on how to securely erase your SSD, usually by way of a specific utility.
(Listed alphabetically.)

Corsair – http://www.corsair.com/en-us/blog/2013/may/the-corsair-ssd-toolbox

Crucial – http://crucial.i.lithium.com/t5/Crucial-SSDs/SSDs-and-Secure-Erase/ta-p/112580

Intel – https://www-ssl.intel.com/content/www/us/en/support/software/000006084.html

OCZ – http://ocz.com/consumer/download

Samsung – www.samsung.com/samsungssd

SanDisk – http://kb.sandisk.com/app/answers/detail/a_id/16678/~/secure-erase-and-sanitize

There are other manufacturers but you get the idea.  You should also check with the manufacturer of your PC as they may have a utility for your specific configuration.

No matter what: Read everything you can about your specific drive before you do anything.
If in doubt, pick up the phone and call customer support for the manufacturer of your SSD and/or the manufacturer of your PC.

Any Other Options?

Do you have a hardware-based self-encrypting drive (SED) or full disk encryption (FDE) drive?  If so, a good chunk of the work is already done for you because you can ‘crypto erase’ the drive, which a process that throws away the old encryption keys and generates new ones effectively locking you out of the drive.  Although the data is still technically there, because the old encryption keys are permanently lost, there’s no way to access or otherwise retrieve the data.  The only downside is that you have to have one an SED, which are usually more expensive and typically found in business-class hardware.  Unless you specifically ordered a [TCG] OPAL SSD, you probably don’t have one.

If you don’t have a self-encrypting SSD, the best alternative would be to encrypt the drive using BitLocker then wipe it using the appropriate method or utility for your SSD.

How Am I Wiping SSD’s?

I’m not.  Truthfully, SSD’s are relatively new to my personal ecosystem so I have not yet had the need to wipe one.  But I do know that it’s something I’ll need to have an answer for some day.  If I had to do it today I’d first take my own advice above, before exploring something like Parted Magic.  That said, I am leaning towards WipeDrive (consumer | small business | enterprise) or Blancco 5 due to their reputation, but I prefer solutions that will integrate with my existing MDT and SCCM environments.

 

Good Providence and practice safe erasing!

 

One comment

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s