Ask Leo! by Leo A. Notenboom

Do I need a file shredder for my USB Flash Drive?

Summary: Shredders or Secure Delete tools actually address two distinct problems, only one of which applies to Flash. Addressing the other could be harmful.

I have a question regarding file shredder software and its effectiveness when used on flash drives. I recently tried to shred some files on a flash drive. I applied various aggressive shredding methods - 35 passes, 7 passes, 3 passes, etc. Each time, using relatively old recovery software, I was able to easily recover most of the supposedly shredded files!

Are these shredder programs not intended for use on flash (solid state) devices? If so, why not? Are they effective only on hard disk devices?

I will say that I'm surprised that the file recovery tools were able to recover files after being shredded. I would have expected the files to be gone.

However...

Using a file shredder on a flash or solid-state drive isn't something I recommend doing, at least not in the same way as you might on an actual hard disk. The problem is that you could be wearing out the flash drive faster than you need to.

File shredders, or secure delete utilities, address two distinct problems when you delete a file in Windows:

  • When a file is deleted, the data is not actually overwritten.

  • On magnetic media, data that has been overwritten might still be recoverable using advanced (and expensive) forensic tools.

Flash drives are not magnetic material, and hence the second item simply doesn't apply. When data is overwritten, the previous data is gone. There's no "magnetic residue" to use to perhaps recover the previous data.

The approach that file shredders use to really, truly, positively erase data on magnetic material such as hard drives is to overwrite it multiple times with random data or data patterns that are designed to make any previous data completely unrecoverable. In reality, overwrite the data two or three times, and for all practical situations it's gone. 35-pass shredding is overkill for the seriously paranoid.

And regardless, overwriting more than once is only applicable for magnetic material.

The problem is simple: flash memory wears out the more you write to it. So writing to the entire flash drive 3, 7 or, heaven forbid, 35 times when in fact you only needed to write once could be seriously shortening the useful life of that device.

So my advice is simple: to shred or securely delete the data on a flash or solid state device, use a utility that will perform exactly and only one pass of overwriting the deleted data.

That'll be enough.

And if the tool you choose isn't working, I'll point you to SDelete (Secure Delete), which will let you do exactly that.
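The single-pass approach recommended above, as an added Python example that is not from the original article and is not how SDelete is implemented. The function names are hypothetical, and it assumes a filesystem that rewrites a file's existing clusters in place (as FAT, the usual format on a flash drive, does).

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not fill memory


def overwrite_once(path, chunk=CHUNK):
    """Overwrite a file's current contents in place with random bytes, once.

    Returns the number of bytes overwritten; size and name are unchanged.
    """
    size = os.path.getsize(path)
    # "r+b" updates without truncating. Truncating ("wb") would release the
    # old clusters first, and the new data could land somewhere else.
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(chunk, remaining)
            f.write(secrets.token_bytes(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # force the pass out of the OS cache to the drive
    return size


def single_pass_delete(path, chunk=CHUNK):
    """Exactly one overwrite pass, then remove the directory entry."""
    written = overwrite_once(path, chunk)
    os.remove(path)
    return written


if __name__ == "__main__":
    # Constructed sample file standing in for a document on the flash drive.
    folder = tempfile.mkdtemp()
    target = os.path.join(folder, "sample.txt")
    with open(target, "wb") as f:
        f.write(b"CONSTRUCTED-SAMPLE-DATA\n" * 500)
    print("bytes overwritten:", single_pass_delete(target))
    print("still exists:", os.path.exists(target))
```

The overwrite has to happen before the delete: once the directory entry is gone, the program no longer knows which clusters held the file.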

Article C3670 - March 8, 2009

Recent Comments
12 Comments

It is very good when the delete function does not work.

Posted by: hemraj at March 10, 2009 12:46 PM

Wouldn't East-Tec Eraser be the best option for USB and disk?
http://www.east-tec.com/

Posted by: Rocco at March 11, 2009 2:13 AM

I want to view and recover my picture files, but how can I recover picture files on my USB if I have already cut them from my USB and pasted them into a folder that happens to be infected by a virus, which is why I cannot view my picture files anymore?

Posted by: Gamar Damlani at March 13, 2009 9:32 PM

Wear leveling means it is writing the shred to other parts of the memory drive, thus it does not overwrite the original file remnants.

And, voila, the old file remains intact to a file recovery program.

contig is "complicated"??? sheesh.

It would be better to use a truecrypt volume to keep private stuff private on a flash disk. Perhaps the only way.

Wear leveling is implemented at the hardware level and is transparent to applications. If you overwrite byte "x" on the media, then it will always look like byte "x" was overwritten, even though it might reside elsewhere on physical media. Put another way, wear leveling does not increase the chances of file recovery because it's completely hidden.
- Leo
14-Mar-2009
Posted by: t at March 14, 2009 12:03 AM

Wear leveling would increase the chances of recovery if the recovery program is looking at ALL of the free blocks... as there is still a block on that USB that contains that data.

Again, no. Wear leveling does not increase the chances of recovery.
- Leo
15-Mar-2009

Posted by: Nicholas Gimbrone at March 14, 2009 2:33 PM

What about other forms of flash memory? Like SD cards and their ilk. Do they wear out as well?

Yep. Flash memory is much flash memory. There are differences in quality, of course.
- Leo
19-Mar-2009

Posted by: MikeJC in Maine at March 19, 2009 6:08 AM

As someone with a scientific background it would be easier to recover data from many passes than from a few and here's why...

Granted the signal of the original files will become weaker the more passes one does, and more difficult to recover, but in essence the file would be less corrupt. The more random passes one does the more the scrambled signal evens out. Everyone should know this from statistics, flip enough heads and tails and you'll get a 50/50 split. It's kind of like cryptography in a way if you visualize each track as a column, but I digress, similarly if you only do a few passes the original signal will be stronger but more corrupt. HD only though, not sure about flash.

Um...no. The more you overwrite it with random data the more difficult it will be to recover. (And overwriting ONCE is all you need for flash).
- Leo
23-Mar-2009
Posted by: Chris at March 22, 2009 5:34 PM

Hello,

Does "Wear levelling" consider partitions?

Example: 4 GB USB Stick with two partitions

1. Linux Ext2 - 8MB
2. Windows FAT - Rest of it

If I overwrite partition 1. once with random data, will there be left data from that partition somewhere on the stick because of "Wear levelling"?

Wear leveling is not externally visible, period. So while it might be happening under the hood across all bits stored on the device, you would not see it.
- Leo
15-Apr-2009
Posted by: Martin Müller at April 15, 2009 3:28 AM

Here is the answer. The hardware leveling software is integrated with the filesystem in ways that are not obvious. This has to be the case because the card cannot produce memory from nothing. In other words if you "erase" file A which say is a large file of 1Gb from nowhere. It takes it from the free space of the filesystem. It tracks how many times each block is used.

Can the user who posted the original question attempt to erase all unused space on the filesystem once? I think this would get it.

Steve

Posted by: steve schwartz at May 15, 2009 5:17 PM

Just saying no over and over again doesn't make it so.

I think only a designer of the flash drive wear-leveling system (WLS) can answer the question with assurance.

If a file is handed over to the WLS by the OS to be stored, the WLS would have to have a way to retrieve the bits and hand it back to the OS. This implies some kind of directory. Unless you can be assured that this low level directory entry is not accessible after the file is erased, then the file could presumably be recovered by specialized software.

When you say that a file only needs to be overwritten once on a flash drive, it leads me to believe that you don't know what you are talking about. If the file is distributed in a random fashion by the WLS, you would not have to erase it even once, rather you would only have to erase the directory entry to make it inaccessible, since there is no contiguous data. Without the directory entry, there would be no way to re-assemble the file.

Posted by: Rasty at September 29, 2009 1:44 PM
