Helping people with computers... one answer at a time.

Shredders or Secure Delete tools actually address two distinct problems, only one of which applies to Flash. Addressing the other could be harmful.

I have a question regarding file shredder software and its effectiveness when used on flash drives. I recently tried to shred some files on a flash drive. I applied various aggressive shredding methods - 35 passes, 7 passes, 3 passes, etc.. Each time, using a relatively old recovery software, I was able to easily recover most of the supposedly shredded files!

Are these shredder softwares not intended for use on flash (solid state) devices? If so, why not? Are they effective only on hard disks devices?

I will say that I'm surprised that the file recovery tools were able to recover files after being shredded. I would have expected the files to be gone.

However...

Using a file shredder on a flash or solid-state drive isn't something I recommend doing, at least not in the same way as you might on an actual hard disk. The problem is that you could be wearing out the flash drive faster than you need to.

File shredders, or secure delete utilities, address two distinct problems when you delete a file in Windows:

  • When a file is deleted, the data is not actually overwritten.

  • On magnetic media, data that has been overwritten might still be recoverable using advanced (and expensive) forensic tools.

"... you could be wearing out the flash drive faster than it needs to be."

Flash drives are not magnetic material, and hence the second item simply doesn't apply. When data is overwritten, the previous data is gone. There's no "magnetic residue" to use to perhaps recover the previous data.

The approach that file shredders use to really, truly, positively erase data on magnetic material such as hard drives is to overwrite it multiple times with random data or data patterns that are designed to make any previous data completely unrecoverable. In reality, overwrite the data two or three times, and for all practical situations it's gone. 35 pass shredding is overkill for the seriously paranoid.

And regardless, overwriting more than once is only applicable for magnetic material.

The problem is simple: flash memory wears out the more you write to it. So writing to the entire flash drive 3, 7 or heaven forbid 35 times when in fact you only needed to write once could be seriously shortening the useful life of that device.

So my advice is simple: to shred or securely delete the data on a flash or solid state device, use a utility that will perform exactly and only one pass of overwriting the deleted data.

That'll be enough.

And if the tool you choose isn't working, I'll point you to SDelete, Secure Delete, which will let you do exactly that.

Article C3670 - March 8, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

14 Comments
Philip
March 8, 2009 8:51 PM

Modern flash drives force new data to locations that have not been used (as much) as current locations to keep wear as even as possible. I suspect that these newer flash drives divert the shredder to locations that don't include the data you're trying to shred. The data from the file you're trying to shred stays intact while some innocent area gets "shredded". ;-)

That's true, but it should never be visible in any useful way to a file recover program - or to any program for that matter. "Wear levelling" as it's called is all hidden within the hardware.
- Leo
09-Mar-2009

Mike in Pennsylvania
March 10, 2009 8:59 AM

SDelete is a little complicated for the casual user.

I use the freeware Eraser which gives you the option to write once with Pseudorandom Data. After installing the software, you can do a right click on the file name and select ERASE.

http://www.brothersoft.com/eraser-12113.html

hemraj
March 10, 2009 12:46 PM

it is very good when delete function not work

Rocco
March 11, 2009 2:13 AM

Wouldn't East-Tec Eraser be the best option for USB and disk?
http://www.east-tec.com/

Gamar Damlani
March 13, 2009 9:32 PM

i want to view & recover my picture files but how can i recover picture files on my USB if i have already cut them from my USB and paste it on a folder who happens to be inffected by a virus giving it the cause why i cannot view my Picture files anymore.

t
March 14, 2009 12:03 AM

Wear leveling means it is writing the shred to other parts of the memory drive, thus it does not overwrite the original file remnants.

And, voila, the old file remains intact to a file recovery program.

contig is "complicated"??? sheesh.

It would be better to use a truecrypt volume to keep private stuff private on a flash disk. Perhaps the only way.

Wear leveling is implemented at the hardware level and is transparent to applications. If you overwrite byte "x" on the media, then it will always look like byte "x" was overwritten, even though is might reside elsewhere on physical media. Put another way, wear leveling does not increase the chances of file recovery because it's completely hidden.
- Leo
14-Mar-2009
Nicholas Gimbrone
March 14, 2009 2:33 PM

Wear leveling would increase the chances of recovery if the recovery program is looking at ALL of the free blocks... as there is still a block on that USB that contains that data.

Again, no. Wear leveling does not increase the chances of recovery.
- Leo
15-Mar-2009

MikeJC in Maine
March 19, 2009 6:08 AM

What about other forms of flash memory? Like SD cards and their ilk. Do they wear out as well?

Yep. Flash memory is much flash memory. There are differences in quality, of course.
- Leo
19-Mar-2009

Chris
March 22, 2009 5:34 PM

As someone with a scienctific background it would be easier to recover data from from many passes than from a few and here's why...

Granted the signal of the original files will become weaker the more passes one does, and more difficult to recover, but in essence the file would be less corrupt. The more random passes one does the more the scrambled signal evens out. Everyone should know this from statistics, flip enough heads and tails and you'll get a 50/50 split. It's kind of like cryptography in a way if you visualize each track as a column, but I digress, similarily if you only do a few passes the original signal will be stronger but more corrupt. hd only though not sure about flash.

Um...no. The more you overwrite it with random data the more difficult it will be to recover. (And overwriting ONCE is all you need for flash).
- Leo
23-Mar-2009
Martin Müller
April 15, 2009 3:28 AM

Hello,

does "Wear levelling" consider about partititions?

Example: 4 GB USB Stick with two partititions

1. Linux Ext2 - 8MB
2. Windows FAT - Rest of it

If I overwrite partitition 1. once with random data, will there be left data from that partitition somewhere on the stick because of "Wear levelling"?

Wear leveling is not externally visible, period. So while it might be happening under the hood across all bits stored on the device, you would not see it.
- Leo
15-Apr-2009
steve schwartz
May 15, 2009 5:17 PM

Here is the answer. The hardware leveling software is integrated with the filesystem in ways that are not obvious. This has to be the case because the card cannot produce memory from nothing. In other words if you "erase" file A which say is a large file of 1Gb from nowhere. It takes it from the free space of the filesystem. It tracks how many times each block is used.

Can the user who posted the original question attempt to erase all unused space on the filesystem once, I think this would get it.

Steve

Rasty
September 29, 2009 1:44 PM

Just saying no over and over again doesn't make it so.

I think only a designer of the flash drive wear-leveling system (WLS) can answer the question with assurance.

If a file is handed over to the WLS by the OS to be stored, the WLS would have to have a way to retrieve the bits and hand it back to the OS. This implies some kind of directory. Unless you can be assured that this low level directory entry is not accessible after the file is erased, then the file could presumably be recovered by specialized software.

When you say that a file only needs to be overwritten once on a flash drive, it leads me to believe that you don't know what you are talking about. If the file is distributed in a random fashion by the WLS, you would not have to erase it even once, rather you would only have to erase the directory entry to make in inaccessible, since there is no contiguous data. Without the directory entry, there would be no way to re-assemble the file.

Phil Hibbs
February 10, 2010 6:18 AM

Whilst I can understand that wear-levelling would mean that even using sdelete would not actually over-write the data that was stored in the file, I would have thought that it would make that data inaccessible to ordinary file recovery software. I think that the only way to securely erase a USB memory stick that uses wear-levelling would be to fill the entire thing with one large file of random or zero data. Rasty, the data would still be in chunks but they would have to be stitched back together by someone who could access the underlying storage on the USB key. Difficult, but not for a military or secret service organization.

Steve
March 16, 2011 9:29 AM

ComputerWorld reports (March 7, 2011) that recovering data from both SSD drives and flash drives is incredibly easy even after being overwritten.

This article requires you to sign up. But it is harmless to do so. Remove the check marks from both boxes and you will not get any additional mailings. At least that is my experience.

This article is scary and should be required reading.

http://www.computerworld.com/s/article/355159/SSD_Security_Issues_Surprise_Experts

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.