submitted 3 weeks ago by [email protected] to c/[email protected]

I understand traditional methods don’t work with modern SSDs; does anyone know any good way to do it?

[-] [email protected] 57 points 3 weeks ago

Physical destruction. It's the only way to be 100% sure.

[-] [email protected] 23 points 3 weeks ago

Nuke it from orbit. Only way to be safe

[-] [email protected] 18 points 3 weeks ago

⬆️➡️⬇️⬇️⬇️

[-] [email protected] 8 points 3 weeks ago

A fellow enjoyer of democracy

*Presses b

[-] [email protected] 3 points 3 weeks ago

A fellow Expeditionary Force enjoyer I see

[-] [email protected] 7 points 3 weeks ago

For secure data destruction, either pay for it to be done properly, or create your own way of doing it. A decent sized drill bit can do all the work for you, at the cost of a new drive of course.

[-] [email protected] 42 points 3 weeks ago

A special feature known as SSD secure erase. The easiest OS-independent way is probably via CMOS setup – modern BIOSes can send secure erase to NVM Express SSDs and possibly SATA SSDs.

[-] [email protected] 5 points 3 weeks ago

Did this already, it took 1 second for a 2TB drive. Would you trust that?

[-] [email protected] 18 points 3 weeks ago* (last edited 3 weeks ago)

Most SSD/flash secure erase methods involve the storage having full disk encryption enabled, and simply destroying the encryption key. Without the encryption key the data can't be deciphered even with the correct password, as the password was only used to encrypt the encryption key itself. This is why you can "factory reset" an iPhone or Android in seconds.

[-] [email protected] 17 points 3 weeks ago

It is the only approved method for data destruction for the several banks and government agencies I support. If they trust it, I trust it.

I have checked a couple of times out of curiosity, after a secure erase the drive is as clean as if it had been DBANed. Sometimes things are standards because they work properly.

[-] [email protected] 7 points 3 weeks ago* (last edited 3 weeks ago)

Secure Erase usually works by encrypting all data before writing it to disk, using a key stored in a special area on the SSD. Reading and writing to the drive is transparent, the OS doesn't notice any encryption, but on a hardware level the data isn't plainly readable.

When you issue an erase command, the SSD throws out the old key and generates a new one. All data on the drive instantly becomes unreadable garbage.

I say usually, because not all SSDs work that way. I wouldn't trust Secure Erase on some crappy TEMU/Wish/Aliexpress SSD. Some drives will instead drain every cell, effectively erasing the contents in one single operation. As long as reserve space and relocated memory get wiped as well (it should, if this is done at the hardware level), this is also perfectly safe.

Encryption also protects data against the types of duplication and relocation an SSD will do by itself to balance write+erase cycles across the SSD's cells. If you were to try to overwrite the SSD, a significant chunk of old cells would still contain data, because the OS doesn't get access to the raw flash storage.

With encryption, it doesn't really matter how many bytes are still present on the drive, because unless someone cracked open the SSD and extracted the key before, there's no making sense of any of that data.

If you don't trust your SSD's encryption, you can use the same practice to protect your files: before you store any interesting files on it, enable disk encryption and use a TPM or VERY strong password for the encryption key (you may need to disable uploading a recovery key to the cloud depending on your OS for maximum security). Taken out of your PC, without some key backup in hand, the drive is completely unreadable and can be resold without worry. This also comes with the downside that if your PC breaks and your key is lost, you won't be able to get to the data, of course.

[-] [email protected] 6 points 3 weeks ago

Yes. SSDs are different from HDDs.

[-] [email protected] 40 points 3 weeks ago

Encrypted volume and burn the encryption key

[-] [email protected] 14 points 3 weeks ago

This is how storage services attest to a secure wipe.

[-] [email protected] 37 points 3 weeks ago

If it's really an issue where "if the data on this SSD falls into the wrong hands, lives will be ruined" sort of thing, my favorite data security tool for this job is a bench grinder. Difficult to put the data back together when the flash chips are powder scattered throughout 14 different shop surfaces and at least two lungs.

[-] [email protected] 2 points 3 weeks ago

I prefer thermite. Recover my data from a messy contaminated slag heap.

[-] [email protected] 29 points 3 weeks ago
[-] [email protected] 3 points 3 weeks ago

Does it have to be from orbit?

What if the drive is not on a planet?

[-] [email protected] 2 points 3 weeks ago

Then you need to aim really well and time your orbit

[-] [email protected] 24 points 3 weeks ago

Call the device's secure erase functionality.

Here’s how to do it to SATA and PATA devices.

I don’t do some of the checking and testing in that article, I just do --security-erase-enhanced and unless it fails it’s fine.

You could also encrypt the contents and delete the key.

[-] [email protected] 8 points 3 weeks ago

This is the correct answer. Due to wear levelling, a traditional drive wipe program isn't going to work reliably, whereas most (all?) SSDs have some sort of secure erase function.

It's been a while since I read up on it but I think it works due to the drive encrypting everything that's written to it, though you wouldn't know it's happening. When you call the secure erase function it just forgets the key and cycles in a new one, rendering everything previously written to it irrecoverable. The bonus is that it's an incredibly quick operation.

Failing that, smash it to bits.

[-] [email protected] 7 points 3 weeks ago* (last edited 3 weeks ago)

And if you're hiding from a nation state ... don't trust that, smash it to bits and dispose of them at different trash collection locations 🙂

[-] [email protected] 23 points 3 weeks ago* (last edited 3 weeks ago)

For all average user requirements that just involve backups, PII docs, your sex vids, etc (e.g. not someone who could be persecuted, prosecuted, or murdered for their data) your best bet (other than physical destruction) is to encrypt every usable bit in the drive.

  1. Download VeraCrypt
  2. Format the SSD as exFAT
  3. Create a new VeraCrypt volume on the mounted exFAT partition that uses 100% of available space (any format).
  4. Open up a notepad and type out a long random ass throwaway password e.g. $-963,;@82??/@;!3?$.&$-,fysnvefeianbsTak62064$@/lsjgegelwidvwggagabanskhbwugVg, copy it, and close/delete without saving.
  5. Paste that password for the new VeraCrypt volume, and follow the prompts until it starts encrypting your SSD. It'll take a while as it encrypts every available bit one-by-one.

Even if veracrypt hits a free space error at the end of the task, the job is done. Maybe not 100%, but 99.99+% of space on the SSD is overwritten with indecipherable gibberish. Maybe advanced forensics could recover some bits, but a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?! You don't really need to bother destroying the header encryption key (as apple and android products do when you wipe a device) as you don't know the password and there isn't a chance in hell you or anyone else is gonna guess, nor brute force, it.

[-] [email protected] 20 points 3 weeks ago

Because of wear management and the way flash storage works, overwriting disks is even more useless for wiping data than it was on hard drives. Even on spinning rust there were plenty of files in relocated sectors, but on SSDs you get relocation behaviour and copied files without any actual damage to the disk.

You can overwrite a file on your SSD with random numbers supposedly filling the entire file's space, but under the hood the SSD could be like "erasing this block would wear down the disk too much, let's just copy the block some place else and map the data offset to this new set of cells". Modern SSDs also have extra storage capacity so that wear leveling can be done without reducing your storage space in the process, and cells the SSD deems to be too unstable will be copied and unmapped. Their data will still be there, but it won't be accessible to the computer, even if you overwrite the entire drive.

If you want to erase data, physically destroy the disk. If you want to prevent having to erase data, encrypt it (it's on by default in Windows, Mac, and most Linux distros) so you only need to destroy the encryption key to make the data unreadable.

[-] [email protected] 3 points 3 weeks ago

If you want to keep/sell the drive...

  1. Fill up the rest of the usable space
  2. Encrypt the drive
  3. Throw away the encryption key/password
  4. Hard format (writing zeroes to every bit, sorry if that's the wrong term)

Is that the best strategy? Or is anything outside of 2 and 3 redundant?

[-] [email protected] 8 points 3 weeks ago

You can’t fill the drive. The drive decides when to use its buffered free storage blocks. It’s at the hardware level and only the Secure Erase command will clear it.

[-] [email protected] 2 points 3 weeks ago

Right, I read some more of the comments and realized that's what some of the "unreported space" is used for. Makes sense, thanks!

[-] [email protected] 21 points 3 weeks ago
  • Secure erase using the drive OEM's tool.
  • If you were using something like bitlocker then simply dump the key.
  • Wood chipper or some other form of absolute physical destruction.
[-] [email protected] 20 points 3 weeks ago

Are you considering using the drive afterwards? Because “toss it in a microwave for like 5 minutes” is always a valid answer if you’re not worried about reusing it.

[-] [email protected] 3 points 3 weeks ago

Presumably there's a risk of damaging the microwave?

[-] [email protected] 19 points 3 weeks ago

This article covers several methods. Personally, I'd look for a BIOS based tool first, as that would be free and easiest. After that, the Diskpart Clean All command is probably fine for anything other than Top Secret data which a government based threat actor would be willing to put a lot of resources into recovering. If it's just your tax documents and porn archive, no one is going to care enough to dig out anything which that command might have left behind.

[-] [email protected] 15 points 3 weeks ago

I hear thermite is good at destroying things.

[-] [email protected] 15 points 3 weeks ago

A microwave oven should do the trick

[-] [email protected] 14 points 3 weeks ago
[-] [email protected] 11 points 3 weeks ago

I know this isn't what is being asked, but disk level encryption is cool

[-] [email protected] 8 points 3 weeks ago

Physical damage is the most reliable. Drill through the flash chips, chuck the whole thing into an old microwave, then throw it all in a fire.

If you want to resell the SSD, use secure erase. If that doesn't work (some broken firmware doesn't erase on secure erase, you'll know when you reboot and the data is still there), you can try overwriting all storage as a last resort.

If the drive was encrypted, either with a hardware backed key or a very secure password, throw out the encryption key and delete the backup key. That should suffice, unless a powerful country with access to advanced quantum computers will be targeting you in the next ten or twenty years.

Overwriting storage is rarely good enough to wipe all files, but there's a good chance most of the files you want deleted will be gone. If all files on the drive are sensitive, you should've probably encrypted the drive (lesson for next time!) and shouldn't rely on overwriting to actually erase the data you're trying to destroy.

[-] [email protected] 8 points 3 weeks ago

doesn't just overwriting the data work?

[-] [email protected] 28 points 3 weeks ago

No. Modern SSDs are quite sophisticated in how they handle wear leveling and are, for the most part, black boxes.

SSDs maintain a mapping of logical blocks (what your OS sees) to physical blocks (where the data is physically stored on the flash chips). For instance, when your computer writes to the logical block address 100, the SSD might map that to a physical block address of 200 (this is very simplified). If you overwrite logical block address 100 again, the SSD might write to physical block address 300 and remap it, while not touching the data at physical block address 200. This lets you avoid wearing out a particular part of the flash memory and instead spread the load out. It also means that someone could potentially rip the flash chips off the SSD, read them directly, and see data you thought was overwritten.

You can't just overwrite the entire SSD either because most SSDs overprovision, e.g. physically have more storage than they report. This is for wear leveling and increased life span of the SSD. If you overwrite the entire SSD, there may be physical flash that was not being overwritten. You can try overwriting the drive multiple times, but because SSDs are black boxes, you can't be 100% sure how it handles wear leveling and that all the data was actually overwritten.
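
The remapping and over-provisioning described in the comment above, together with the key-destruction erase described earlier in the thread, as an added example that is not part of the original thread. `ToySSD`, its methods and the XOR keystream are hypothetical stand-ins for illustration, not any real drive's firmware or cipher.

```python
import hashlib
import os

class ToySSD:
    """Toy flash translation layer: the OS sees logical blocks, not NAND pages."""
    def __init__(self, logical_blocks, physical_pages, encrypt=False):
        self.logical_blocks = logical_blocks      # capacity reported to the OS
        self.flash = [None] * physical_pages      # raw NAND incl. over-provisioned spare
        self.l2p = {}                             # logical block -> physical page
        self.next_free = 0
        self.key = os.urandom(32) if encrypt else None  # media key, never leaves drive

    def _crypt(self, page, data):
        # Toy XOR keystream (max 32 bytes); stands in for the drive's real cipher.
        if self.key is None:
            return data
        stream = hashlib.sha256(self.key + page.to_bytes(4, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, lba, data):
        if not 0 <= lba < self.logical_blocks:
            raise IndexError("LBA outside reported capacity")
        page = self.next_free                     # program a fresh page and remap;
        self.next_free += 1                       # the old page is left untouched
        self.flash[page] = self._crypt(page, data)
        self.l2p[lba] = page

    def read(self, lba):
        page = self.l2p.get(lba)
        return None if page is None else self._crypt(page, self.flash[page])

    def crypto_erase(self):
        self.key = os.urandom(32)                 # old ciphertext is now undecryptable
        self.l2p.clear()

    def chip_off(self):
        """Non-empty pages as seen by reading the flash chips directly."""
        return [p for p in self.flash if p is not None]

def demo(secret=b"constructed-secret"):
    plain = ToySSD(logical_blocks=4, physical_pages=6)
    plain.write(0, secret)
    for lba in range(4):                          # OS-level "wipe" of every visible block
        plain.write(lba, bytes(len(secret)))
    sed = ToySSD(logical_blocks=4, physical_pages=6, encrypt=True)
    sed.write(0, secret)
    readable_before = sed.read(0) == secret
    sed.crypto_erase()
    survives_erase = secret in sed.chip_off() or sed._crypt(0, sed.flash[0]) == secret
    return secret in plain.chip_off(), readable_before, survives_erase
```

`demo()` returns whether the secret is still on the raw flash after a full OS-level overwrite of the unencrypted drive, whether the encrypted drive could read it before the erase, and whether it survives the key swap.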

[-] [email protected] 14 points 3 weeks ago

No, "overwritten" data doesn't actually get erased right away due to wear levelling. As SSDs get esoterically smart with how they prevent unnecessary erase operations, there's no way to be sure without secure erase.

[-] [email protected] 7 points 3 weeks ago

3 pass random data erase. If you are not going to use it again, a nice hammer.

[-] [email protected] 4 points 3 weeks ago

So many people here responding with outdated misinformation.

[-] [email protected] 5 points 3 weeks ago

Whoever might need, for whatever reason, to write on a parchment sheet which had already been written, should take some milk and should put the parchment in it for one night’s time. As soon as it is taken out, it should be strewn with flour in order that it not be wrinkled after it begins to dry, and so as to be kept under pressure until it dries out. After it is done, the parchment will regain its former quality, shining and lucid, by means of pumice stone and chalk.

[-] [email protected] 3 points 3 weeks ago
[-] [email protected] 2 points 3 weeks ago

If it's really sensitive shit, you should beat the shit out of it with a sledgehammer and make sure you got all the NAND modules (see diagram online), then throw parts of it into a large body of water, deeper the better

this post was submitted on 27 Apr 2024
100 points (96.3% liked)