Helping people with computers... one answer at a time.
Shredders or Secure Delete tools actually address two distinct problems, only one of which applies to Flash. Addressing the other could be harmful.
I have a question regarding file shredder software and its effectiveness when used on flash drives. I recently tried to shred some files on a flash drive. I applied various aggressive shredding methods - 35 passes, 7 passes, 3 passes, etc.. Each time, using a relatively old recovery software, I was able to easily recover most of the supposedly shredded files!
Are these shredder softwares not intended for use on flash (solid state) devices? If so, why not? Are they effective only on hard disks devices?
•
I will say that I'm surprised that the file recovery tools were able to recover files after being shredded. I would have expected the files to be gone.
However...
Using a file shredder on a flash or solid-state drive isn't something I recommend doing, at least not in the same way as you might on an actual hard disk. The problem is that you could be wearing out the flash drive faster than you need to.
•
File shredders, or secure delete utilities, address two distinct problems when you delete a file in Windows:
-
When a file is deleted, the data is not actually overwritten.
-
On magnetic media, data that has been overwritten might still be recoverable using advanced (and expensive) forensic tools.
Flash drives are not magnetic material, and hence the second item simply doesn't apply. When data is overwritten, the previous data is gone. There's no "magnetic residue" to use to perhaps recover the previous data.
The approach that file shredders use to really, truly, positively erase data on magnetic material such as hard drives is to overwrite it multiple times with random data or data patterns that are designed to make any previous data completely unrecoverable. In reality, overwrite the data two or three times, and for all practical situations it's gone. 35 pass shredding is overkill for the seriously paranoid.
And regardless, overwriting more than once is only applicable for magnetic material.
The problem is simple: flash memory wears out the more you write to it. So writing to the entire flash drive 3, 7 or heaven forbid 35 times when in fact you only needed to write once could be seriously shortening the useful life of that device.
So my advice is simple: to shred or securely delete the data on a flash or solid state device, use a utility that will perform exactly and only one pass of overwriting the deleted data.
That'll be enough.
And if the tool you choose isn't working, I'll point you to SDelete, Secure Delete, which will let you do exactly that.
Article C3670 - March 8, 2009
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
Hello,
does "Wear levelling" consider about partititions?
Example: 4 GB USB Stick with two partititions
1. Linux Ext2 - 8MB
2. Windows FAT - Rest of it
If I overwrite partitition 1. once with random data, will there be left data from that partitition somewhere on the stick because of "Wear levelling"?
15-Apr-2009
Here is the answer. The hardware leveling software is integrated with the filesystem in ways that are not obvious. This has to be the case because the card cannot produce memory from nothing. In other words if you "erase" file A which say is a large file of 1Gb from nowhere. It takes it from the free space of the filesystem. It tracks how many times each block is used.
Can the user who posted the original question attempt to erase all unused space on the filesystem once, I think this would get it.
Steve
Posted by: steve schwartz at May 15, 2009 5:17 PMJust saying no over and over again doesn't make it so.
I think only a designer of the flash drive wear-leveling system (WLS) can answer the question with assurance.
If a file is handed over to the WLS by the OS to be stored, the WLS would have to have a way to retrieve the bits and hand it back to the OS. This implies some kind of directory. Unless you can be assured that this low level directory entry is not accessible after the file is erased, then the file could presumably be recovered by specialized software.
When you say that a file only needs to be overwritten once on a flash drive, it leads me to believe that you don't know what you are talking about. If the file is distributed in a random fashion by the WLS, you would not have to erase it even once, rather you would only have to erase the directory entry to make in inaccessible, since there is no contiguous data. Without the directory entry, there would be no way to re-assemble the file.
Posted by: Rasty at September 29, 2009 1:44 PMWhilst I can understand that wear-levelling would mean that even using sdelete would not actually over-write the data that was stored in the file, I would have thought that it would make that data inaccessible to ordinary file recovery software. I think that the only way to securely erase a USB memory stick that uses wear-levelling would be to fill the entire thing with one large file of random or zero data. Rasty, the data would still be in chunks but they would have to be stitched back together by someone who could access the underlying storage on the USB key. Difficult, but not for a military or secret service organization.
Posted by: Phil Hibbs at February 10, 2010 6:18 AMComputerWorld reports (March 7, 2011) that recovering data from both SSD drives and flash drives is incredibly easy even after being overwritten.
This article requires you to sign up. But it is harmless to do so. Remove the check marks from both boxes and you will not get any additional mailings. At least that is my experience.
This article is scary and should be required reading.
http://www.computerworld.com/s/article/355159/SSD_Security_Issues_Surprise_Experts
Posted by: Steve at March 16, 2011 9:29 AM