Solid State Drives

How to securely erase a Solid State Drive

Solid State Drives (SSDs) are fast and reliable, but they have some limitations when it comes to secure deletion of files. Because of manufacturers’ inconsistent implementations, the only sure method of secure data deletion without the use of restore hardware/software to double-check the procedure is to physically destroy the drive.

Erasing data from SSDs — not so simple

Flash storage has an inherent limitation in that data may only be written to and erased from a given location a certain number of times. This number is typically over 10,000, but it’s still possible a user could hit that limit over the life of the storage device.

To address this problem, manufacturers use a technique known as wear-leveling to make sure writes are spread evenly across the device. A side-effect of wear-leveling is that a file’s data blocks aren’t always kept adjacent to one another but could be distributed and disjointed. Wiping programs like DBAN have a hard time identifying all the far-flung data blocks, so they don’t do a good job of secure deletion on an SSD.

Best practices

Don’t store data you want to protect unencrypted on a Solid State Drive. Encrypt the whole drive from the beginning. This way, even if an attacker could recover data from the SSD, it would be encrypted and unreadable.

If the drive is fully encrypted and there is no worry of the decryption key being used, a simple format will work.

If you need to dispose of an SSD and had at some point stored unencrypted data on it, or if the decryption key may have been compromised, you might choose physical destruction. 

Read about destruction options