I understand traditional methods don’t work with modern SSDs. Does anyone know a good way to do it?

    • OmanMkII@aussie.zone
      7 upvotes · 7 months ago

      For secure data destruction, either pay for it to be done properly, or create your own way of doing it. A decent sized drill bit can do all the work for you, at the cost of a new drive of course.

      • fartsparkles
        13 upvotes · edited · 7 months ago

        No. Most SSDs actually contain far more storage internally than the SSD controller exposes. They then even out the wear and tear of the flash memory “packages” by cycling through the various packages and, given there being more packages than actually exposed for use, this offers a level of redundancy so the device lasts longer.

        Because of this, wiping the logical device (e.g. zero filling or writing random data multiple times) doesn’t actually guarantee every storage package is written to / overwritten. Thus data may still reside even after wiping (that can be accessed by reading the packages directly and skipping the controller which abstracts these packages into a virtual block device).

        Some SSDs offer a secure wipe tool that does a low level wipe of every page or wipes out an encryption key and generates a new one but not every SSD on the market offers that feature.

        From the company my org has used to decommission old hardware: an industrial grinder is sadly the most assured way to guarantee no data can be recovered.

  • Captain Aggravated
    47 upvotes · 7 months ago

    If it’s really an issue where “if the data on this SSD falls into the wrong hands, lives will be ruined” sort of thing, my favorite data security tool for this job is a bench grinder. Difficult to put the data back together when the flash chips are powder scattered throughout 14 different shop surfaces and at least two lungs.

  • Goat@lemmy.blahaj.zone
    45 upvotes · 7 months ago

    A special feature known as SSD secure erase. The easiest OS-independent way is probably via CMOS setup – modern BIOSes can send secure erase to NVM Express SSDs and possibly SATA SSDs.

      • WhatAmLemmy@lemmy.world
        22 upvotes, 1 downvote · edited · 7 months ago

        Most SSD/flash secure erase methods involve the storage having full disk encryption enabled, and simply destroying the encryption key. Without the encryption key the data can’t be deciphered even with the correct password, as the password was only used to encrypt the encryption key itself. This is why you can “factory reset” an iPhone or Android in seconds.

      • mark3748
        20 upvotes · 7 months ago

        It is the only approved method for data destruction for the several banks and government agencies I support. If they trust it, I trust it.

        I have checked a couple of times out of curiosity; after a secure erase the drive is as clean as if it had been DBANed. Sometimes things are standards because they work properly.

        • User_already_exist@lemmy.worldOP
          3 upvotes · 7 months ago

          Thanks for this informative answer. Then it would make sense that it took only 1 second, then again, I have a modern Asus motherboard (AM5) with a Western Digital NVMe drive, and that drive isn’t listed as Secure Erase compatible on Asus motherboard. I will download the WD dashboard and do it that way, I didn’t know it existed before I posted this question.

        • lud@lemm.ee
          1 upvote · 7 months ago

          TEMU/Wish/Aliexpress SSD

          I wouldn’t trust any computer part from those places.

    • TedZanzibar@feddit.uk
      11 upvotes · 7 months ago

      This is the correct answer. Due to wear levelling, a traditional drive wipe program isn’t going to work reliably, whereas most (all?) SSDs have some sort of secure erase function.

      It’s been a while since I read up on it but I think it works due to the drive encrypting everything that’s written to it, though you wouldn’t know it’s happening. When you call the secure erase function it just forgets the key and cycles in a new one, rendering everything previously written to it irrecoverable. The bonus is that it’s an incredibly quick operation.

      Failing that, smash it to bits.
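
The two mechanisms described in the comments above (spare pages that a logical overwrite never reaches, and secure erase by replacing the media key) can be seen in a toy model. This is an added example, not code from any poster in the thread; the `ToySSD` class, the 8 logical / 12 physical page counts, the round-robin allocator and the XOR keystream are all assumptions made for the sketch, not how any particular controller works.

```python
import hashlib
import os

class ToySSD:
    """Toy flash translation layer with more physical pages than logical blocks."""
    def __init__(self, logical=8, physical=12):
        self.logical = logical
        self.flash = [None] * physical       # raw NAND pages: (lba, ciphertext)
        self.l2p = {}                        # logical block -> physical page
        self.free = list(range(physical))    # pages are reused round-robin
        self.key = os.urandom(32)            # media key held by the controller

    def _crypt(self, key, lba, data):
        # Toy XOR keystream standing in for the drive's real cipher (max 32 bytes).
        ks = hashlib.sha256(key + lba.to_bytes(8, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, lba, data):
        page = self.free.pop(0)              # always write to a fresh page
        if lba in self.l2p:                  # old copy becomes stale, not erased
            self.free.append(self.l2p[lba])
        self.l2p[lba] = page
        self.flash[page] = (lba, self._crypt(self.key, lba, data))

    def crypto_erase(self):
        self.key = os.urandom(32)            # old ciphertext can no longer be decrypted
        self.l2p.clear()

    def chip_off(self):
        """Read every physical page directly, bypassing the logical mapping.
        Worst case: the reader is assumed to hold the drive's current key."""
        return [self._crypt(self.key, lba, ct) for lba, ct in filter(None, self.flash)]

def residue(pages):
    """Count physical pages that still yield the constructed sample plaintext."""
    return sum(p.startswith(b"secret") for p in pages)

def demo():
    ssd = ToySSD()
    for lba in range(ssd.logical):           # constructed sample data
        ssd.write(lba, b"secret-%d" % lba)
    for lba in range(ssd.logical):           # zero-fill the whole logical device
        ssd.write(lba, bytes(16))
    after_overwrite = residue(ssd.chip_off())
    ssd.crypto_erase()
    after_erase = residue(ssd.chip_off())
    return after_overwrite, after_erase
```

In this model `demo()` returns `(4, 0)`: four stale pages survive a full logical zero-fill, and none are readable once the key has been replaced.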

      • Dark Arc@social.packetloss.gg
        8 upvotes · edited · 7 months ago

        And if you’re hiding from a nation state … don’t trust that, smash it to bits and dispose of them at different trash collection locations 🙂

  • PM_Your_Nudes_Please@lemmy.world
    24 upvotes, 1 downvote · 7 months ago

    Are you considering using the drive afterwards? Because “toss it in a microwave for like 5 minutes” is always a valid answer if you’re not worried about reusing it.

  • WhatAmLemmy@lemmy.world
    25 upvotes, 2 downvotes · edited · 7 months ago

    For all average user requirements that just involve backups, PII docs, your sex vids, etc (e.g. not someone who could be persecuted, prosecuted, or murdered for their data) your best bet (other than physical destruction) is to encrypt every usable bit in the drive.

    1. Download VeraCrypt.
    2. Format the SSD as exFAT.
    3. Create a new VeraCrypt volume on the mounted exFAT partition that uses 100% of available space (any format).
    4. Open up a notepad and type out a long random ass throwaway password e.g. $-963,;@82??/@;!3?$.&$-,fysnvefeianbsTak62064$@/lsjgegelwidvwggagabanskhbwugVg, copy it, and close/delete without saving.
    5. Paste that password for the new VeraCrypt volume, and follow the prompts until it starts encrypting your SSD. It’ll take a while as it encrypts every available bit one-by-one.

    Even if VeraCrypt hits a free space error at the end of the task, the job is done. Maybe not 100%, but 99.99+% of space on the SSD is overwritten with indecipherable gibberish. Maybe advanced forensics could recover some bits, but a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?! You don’t really need to bother destroying the header encryption key (as Apple and Android products do when you wipe a device) as you don’t know the password and there isn’t a chance in hell you or anyone else is gonna guess, nor brute force, it.

      • otp
        6 upvotes, 4 downvotes · 7 months ago

        If you want to keep/sell the drive…

        1. Fill up the rest of the usable space
        2. Encrypt the drive
        3. Throw away the encryption key/password
        4. Hard format (writing zeroes to every bit, sorry if that’s the wrong term)

        Is that the best strategy? Or is anything outside of 2 and 3 redundant?

        • Brkdncr@lemmy.world
          9 upvotes · 7 months ago

          You can’t fill the drive. The drive decides when to use its buffered free storage blocks. It’s at the hardware level and only the Secure Erase command will clear it.

          • otp
            2 upvotes · 7 months ago

            Right, I read some more of the comments and realized that’s what some of the “unreported space” is used for. Makes sense, thanks!

          • _edge@discuss.tchncs.de
            1 upvote, 2 downvotes · 7 months ago

            You fill up the usable space. Or the visible space. No one will disassemble the device and read from the raw storage.

          • otp
            1 upvote · 7 months ago

            That makes sense. Thank you!

      • WhatAmLemmy@lemmy.world
        3 upvotes, 2 downvotes · 7 months ago

        a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?!

        Nobody is gonna bother doing advanced forensics on 2nd hand storage, digging into megabytes of reallocated sectors on the off chance they find something financially exploitable. That’s a level of paranoia no data supports.

        My example applies to storage devices which don’t default to encryption (most non-OS external storage). It’s analogous to changing your existing encrypted disk’s password to a random-ass unrecoverable throwaway.

  • Brkdncr@lemmy.world
    21 upvotes · 7 months ago

    • Secure erase using the drive OEM’s tool.
    • If you were using something like BitLocker then simply dump the key.
    • Wood chipper or some other form of absolute physical destruction.

  • sylver_dragon@lemmy.world
    19 upvotes · 7 months ago

    This article covers several methods. Personally, I’d look for a BIOS based tool first, as that would be free and easiest. After that, the Diskpart Clean All command is probably fine for anything other than Top Secret data which a government based threat actor would be willing to put a lot of resources into recovering. If it’s just your tax documents and porn archive, no one is going to care enough to dig out anything which that command might have left behind.

  • CyberDine@lemmy.world
    10 upvotes · edited · 7 months ago

    NSA requires the use of an industrial shredder that can grind the components into pieces less than 2mm.

    https://ameri-shred.com/portfolio-items/2mm-ssd-solid-state-drive-hammer-mills/

    If you can’t do that, you should incinerate the drive at over 700 degrees.

    As far as wiping goes, a 3 pass overwrite alternating 0s and 1s is good enough as long as it’s done over the entire drive, not just the partition.

    BCWipe is good enough for this