Jason,
Read the UCSD article, http://nvsl.ucsd.edu/index.php?path=projects/sanitize to see what they found out about a simple single
pass wipe. The need for a specialized wipe that ensures all data has been removed is needed but I would tend to agree with you that a single pass should be sufficient because there shouldn't be any way for the SSD to remember what it's previous state was.
Of course, if you do a random character wipe, then it would be more difficult to determine whether any data you found in those hard to wipe areas is real or just random characters. Read pages 32-34 of NIST SP800-88 rev1 (draft) to see what they say about SSDs.
It all depends on what you organization determines is the proper level of sanitization (clear, purge, or destroy). If you look at NIST SP800-53 rev4, MP-6 Media Sanitization, CE-3, they talk about non-destructive techniques even for devices with classified
information on them so depending on who's going to accept the risk of exposure of your data, you might be able to use a simple "clearing" process, thereby being able to reuse the SSD. Of course, if the SSD has failed and you're trying to dispose of it properly,
destroying might be your only avenue and 800-88 gives suggestions on how to do it. Draft
NIST Special Publication 800-88 Revision 1 - Computer …
****
Remember, the fact you can technically fix something doesn't always matter when you're talking about the political impact of data exposure.
On Mar 20, 2013, at 8:43 AM, Jason T. Bracy < email@hidden> wrote:
The thing that everyone seems to be missing is that because SSDs are not
magnetic media they do not suffer from the residual data issues that
Magnetic HDDs do. So in my limited knowledge and experience of the subject,
a single pass wipe on an SSD is as effective as a 35 pass wipe of a HDD.
Please if anyone knows more please correct me, but my understanding was that
SSDs are incapable of data scavenging once they are erased and overwritten.
Jason
--
Jason T. Bracy | SAIC
Systems Administrator | SAIC Creative
email@hidden |
saic.com
From: Ben Greisler <email@hidden>
Date: Wed, 20 Mar 2013 09:02:00 -0400
To: "email@hidden" <email@hidden>
Subject: Re: [Fed-Talk] Secure erase of SSD drives?
I don't know how well the SSD's are shielded, but I would suspect that a good
blast from an EMP type disk destroyer would certainly damage the chips
internal structure via induced current.
I don't have access to that type of disk destroyer currently and I don't feel
like testing on a $500 SSD. I'll let someone else report back.
Ben Greisler
On Mar 19, 2013, at 11:17 AM, "O'Donnell, Dan" <email@hidden> wrote:
Solid state disks are fundamentally different from spinning ferromagnetic
disks. Solid state are silicon chips in which the transistors maintain
state when turned off. (I don't know if they trickle charge to retain
state.)
Magnetic hard drives are just that - magnetic - with (conceptually) little
ferromagnetic particles that change position when pushed by the magnetic
heads of the drive. As such they can be affected by the high B field of a
degaussing magnet.
Solid state drives should be completely unaffected by a magnetic field.
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
The contents of this message are mine personally and do not reflect the views or position of the U.S. Department of Energy, Federal Government, National
Nuclear Security Administration, Lawrence Livermore National Security, or Lawrence Livermore National Laboratory.
|