Posted on 21st Jul 2015
Even when new-generation storage devices report that files have been deleted, as much as 75% of the information can still remain on flash-memory based storage devices, according to the results of a study presented at the Usenix FAST 11 conference in California. In some cases an SSD wrongly indicated that files had been "deleted securely", although copies of the files still remained in reserve archives.
It is difficult to securely delete data on an SSD because its internal structure is completely different. Traditional ATA and SCSI hard drives use the magnetic properties of materials to store data at a physical location identified by its LBA, the mechanism for addressing and accessing data blocks. An SSD, by contrast, uses computer chips to store information digitally, together with an FTL, or flash translation layer, that manages the data. When information is modified, the FTL frequently writes the new data to a different location and updates its map to reflect the change.
During this process, remnants of the old file's data, referred to as digital remanence, remain on the storage device.
"These differences between the hard drive and SSD can potentially lead to a substantial difference between the user's expectations and the real behavior of the storage device," wrote the scientists from the University of California, San Diego in a 13-page article. "The holder of an SSD can apply a hard drive 'sanitary treatment' method, mistakenly thinking that it can help to irretrievably delete data. Truth be told, the data can still remain on a storage device and in order to delete it, you will need to use sophisticated methods."
The researchers found that 67% of the data stored in a file still remained after it was deleted from an SSD using the secure delete option Apple offers in Mac OS X. Other data "erasure" operations, which securely delete files by repeatedly rewriting the data stored in a particular place on the disk, proved useless, with similarly high figures when used to delete a single file from an SSD. For example, when performing pseudorandom data operations, 75% of information remained. The British HMG IS5 method demonstrated slightly better results: 58%.
Selecting one or more files for deletion is only a method of "sanitary treatment" that allows the disk on which the information was stored to remain in use. The researchers also found that every data rewrite method aimed at a single file failed to delete all digital remnants, even when the procedure was followed by disk defragmentation, which rearranges residual information in the file system.
"Our data shows that rewriting is ineffective and 'data deletion methods offered by manufacturers' do not always work properly," the article warns.
Whole-disk cleaning methods are not much better on SSDs. In one case, an SSD model still held 1% of 1 Gb of data after 20 consecutive attempts to rewrite the data on the device. Other devices were able to delete data securely after two attempts, but the majority of them required 58 to 121 hours to perform one pass, which makes this impractical in most cases.
The researchers also reported serious failures when attempting to demagnetize (degauss) SSD media, a process that destroys a storage device's low-level formatting. Since demagnetizing is dangerous only for magnetic disks, it is not effective when applied to the new generation of data storage devices. "Information remained undamaged in all cases," the researchers wrote.
The researchers found that the most effective way of deleting information from an SSD is to use devices that encrypt data. Data erasure is then performed by deleting the encryption keys from the so-called key storage, which ensures that the information remains encrypted forever.
"Nevertheless, the danger here is that this method relies on the controller which is supposed to thoroughly clean internal storage containing encryption key and other valuable information, which can be useful during cryptanalysis," - the researchers wrote. "We found these bugs while executing some cleaning commands. It is too optimistic to think that the manufacturers of SSD will thoroughly clean the key storage. Moreover, there is no way to make sure that the cleaning was actually done (for example while deleting the storage device)".
The study was carried out by writing files with recognizable signatures to SSDs and then using special devices to look for remnants of that information after secure file deletion methods had been applied. The research device cost approx. USD 1,000, but "the simple version on the basis of microcontroller would cost USD 200 and would require only a moderate level of technical expertise for creation," they said.
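
The following is an added example, not the researchers' tooling: a toy model of the FTL behaviour and the signature-based measurement described above. It writes fingerprinted pages, overwrites them through the logical (LBA) interface, then scans the raw flash for surviving fingerprints. The page layout, `MAGIC` marker, `ToyFTL` class and sizes are all assumptions made for illustration.

```python
import hashlib
import struct

MAGIC = b"SSDFPRNT"      # constructed signature marker, not the study's format
PAGE = 64                # toy page size in bytes

def fingerprint(file_id: int, seq: int) -> bytes:
    """Build one page: magic, file id, sequence number, checksum, padding."""
    head = MAGIC + struct.pack("<II", file_id, seq)
    digest = hashlib.sha256(head).digest()[:8]
    return (head + digest).ljust(PAGE, b"\xa5")

def parse(page: bytes):
    """Return (file_id, seq) if the page holds a valid fingerprint, else None."""
    head, digest = page[:16], page[16:24]
    if head[:8] != MAGIC or hashlib.sha256(head).digest()[:8] != digest:
        return None
    return struct.unpack("<II", head[8:16])

class ToyFTL:  # log-structured: every logical write lands on a fresh physical page
    def __init__(self, physical_pages: int):
        self.flash = [b"\xff" * PAGE] * physical_pages   # erased state
        self.map = {}                                     # LBA -> physical page
        self.stale = []                                   # superseded pages, oldest first
        self.free = list(range(physical_pages))

    def write(self, lba: int, data: bytes):
        if not self.free:                 # out of space: reclaim the oldest stale page
            victim = self.stale.pop(0)
            self.flash[victim] = b"\xff" * PAGE
            self.free.append(victim)
        phys = self.free.pop(0)
        self.flash[phys] = data
        if lba in self.map:
            self.stale.append(self.map[lba])   # old copy stays readable on the chip
        self.map[lba] = phys

def remnant_ratio(ftl: ToyFTL, file_id: int, blocks: int) -> float:
    """Scan raw flash (bypassing the FTL) for surviving fingerprints of file_id."""
    found = {p[1] for p in map(parse, ftl.flash) if p and p[0] == file_id}
    return len(found) / blocks

def overwrite_experiment(physical_pages=24, blocks=16, passes=1) -> float:
    ftl = ToyFTL(physical_pages)
    for seq in range(blocks):
        ftl.write(seq, fingerprint(1, seq))
    for i in range(passes * blocks):      # in-place "secure delete" through the LBA interface
        ftl.write(i % blocks, hashlib.sha256(b"%d" % i).digest() * 2)
    return remnant_ratio(ftl, 1, blocks)
```

In this model the fraction that survives depends only on how much spare flash the device has relative to the data overwritten, which the host cannot see; a real controller's wear levelling and garbage collection are more complex than this.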