'secure' deletion

User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

'secure' deletion

Post by stuck »

Elsewhere I've mentioned that the SSD on my Win 10 box is to be replaced under warranty. This means I have to post the dead one back to them.

Before I do that I'd like to be as sure as I can be that they can't rummage through the \Windows.old folder that's on the disk and get at things like the copies of my three Outlook.pst files or the few pictures or anything else like passwords somewhere in my Firefox profiles.

I know that secure deletion is difficult, especially on a SSD and I've just read that encrypting the drive is a better bet. So given that this SSD is less that optimal, my question is how best to encrypt the contents of the SSD so that it's safe to post back to the supplier?

Option A) the OS is Win 10 Pro so should I try enabling Bitlocker?
Option B) is there a portable utility that can be run from a USB stick that will encrypt the SSD?
Option c) some other idea that I don't know about?

Thanks,

Ken

Edited to add: when I said .post the dead one., it's more accurate to say that the SSD is functional but dying / somewhat flaky. A Win 10 reinstall means it does boot again and I can poke around in Explorer without it locking up but one of the first notifications I got was 'reboot to repair the drive'.

User avatar
John Gray
PlatinumLounger
Posts: 5401
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: 'secure' deletion

Post by John Gray »

How about booting from your new Windows DVD and doing a full Format of the SSD?

Or boot a DBAN CD and choose a single wipe (assuming DBAN handles SSDs)?
John Gray

Venison is quiet deer, and quite dear.

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: 'secure' deletion

Post by viking33 »

CCleaner Free may do this for you.
I don't have an SSD Drive but one of the moderators at CCLeaner Forum, posted this reply to usine drive wipe on SSD/
==================


Because a write - which is what overwriting is - will be done to a new page, and the existing data page sent to the invalid page pool untouched. A normal deletion will send the deleted page directly to the invalid page pool where it is inaccessible by any user, and will subsequently be emptied (i.e. set back to all ones) and sent to the valid page pool by the SSD controller.



So an overwrite is just unneccessary work and wear and tear on your SSD. The SSD controller will do the overwriting for you. All 'normal' SSD deletes are de facto secure overwrites.
=================

Go to Tools>Drive Wiper>Secutity>Simple Overwrite.1 pass
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

I raised the idea of encryption rather than 'secure' deletion because of this how to geek article:
https://www.howtogeek.com/234683/why-yo ... o-instead/

Is it's logic sound?

Ken

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: 'secure' deletion

Post by viking33 »

stuck wrote:I raised the idea of encryption rather than 'secure' deletion because of this how to geek article:
https://www.howtogeek.com/234683/why-yo ... o-instead/

Is it's logic sound?

Ken
My "take" on the two links seem to be about the same info. CCleaner erases the info providing that you do the entire disk and not just some files. SSD auto encrypts the deleted data.
Why the Mod said one pass wipe and not the more secure DOD ( Dept. of Defense ) method of either 5 or 7 passes, I don't know. I think I would be well satisfied with either method, without being paranoid about it.
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
John Gray
PlatinumLounger
Posts: 5401
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: 'secure' deletion

Post by John Gray »

I would suggest that if you delete files and then defragment the disk then the old pointers to files no longer point to the file data of the previous files. Formatting the disk or using DBAN will do a more thorough job. Unless someone is going use a sector displayer on the resultant drive, that sounds safe enough to me.
John Gray

Venison is quiet deer, and quite dear.

User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

viking33 wrote:...SSD auto encrypts the deleted data...
That's not the way I read the how-to-geek article but it is dated 2015 so maybe it's out of date.

John, I do have a DBAN disk and since the SSD has alreday been declared 'failed' hammering it with DBAN might be the simplest option.

I half wondered if Stuart might have a view on this thread, as he knows an awful lot about data security but maybe he's away on busines at the moment.

Ken

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: 'secure' deletion

Post by HansV »

Hammering it with a hammer would work too...
Best wishes,
Hans

User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

HansV wrote:Hammering it with a hammer would work too...
:laugh: Indeed but I suspect that might void the warranty.

Ken

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: 'secure' deletion

Post by Argus »

(The first question to answer is of course if the SSD is supposed to be able to work after the "'secure' deletion". :smile:)

I would definitely not use DBAN on a SSD, wasting write cycles, if I was ever going to use it again. This has been discussed at several places around the web. But then again, if it is considered as not working, just to return it ...

Some manufacturers have created an option for secure erase (ATA Secure Erase) in their software, such as for example Samsung Magician's Secure Erase; so that would be the first place to look. (I would do that as part of troubleshooting as well.)

It's possible that option A would work, but since it is "somewhat flaky" perhaps not. The article in your link discuss the problem how to securely delete a single file, or a group of files, but I agree that full-drive encryption gets around that problem; and in the long run it is perhaps the best option.
stuck wrote:I half wondered if Stuart might have a view on this thread, as he knows an awful lot about data security but maybe he's away on busines at the moment.
It is perhaps one thing with a working drive, and another with the best option in this case.
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: 'secure' deletion

Post by StuartR »

This article seems quite helpful How to Securely Erase Your SSD Without Destroying It, but it does heavily promote one particular tool

Best bet is probably to visit the web site of the SSD vendor to see if they have a suitable utility.
StuartR


User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

StuartR wrote:Best bet is probably to visit the web site of the SSD vendor to see if they have a suitable utility.
Thanks you Stuart. I'll look again at the SSD but it appears to be a non-branded item (which is probably why it failed in the first place, he adds cynically).

Meanwhile, any thoughts on just trying to turn on Bitlocker as a way of securing the drive?

I realise that idea does depend on the drive lasting long enough for the disk encryption to complete.

Ken

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: 'secure' deletion

Post by StuartR »

Turning on Bitlocker would only help if you did so BEFORE you wrote the data to the drive. If you turn it on now then the entire drive will be read, and the encrypted version will be written back to different memory locations, leaving the originals vulnerable to specialist tools.
StuartR


User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

StuartR wrote:Turning on Bitlocker would only help if you did so BEFORE you wrote the data to the drive. If you turn it on now then the entire drive will be read, and the encrypted version will be written back to different memory locations, leaving the originals vulnerable to specialist tools.
Oh, that's a disappointment. It sounded like a simple fix. On the upside I now understand more about how Bitlocker works.

Ken

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: 'secure' deletion

Post by StuartR »

This is just how SSD works, if you read a block and then write it back, the updated data goes to a different memory location.
StuartR


User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

Given that what I have learnt from this thread I have:
1) Filled all of the free space on the drive with multiple copies of a blank video, i.e. I've overwritten every available location at least once.
2) Enabled Bitlocker.
If I've understood things correctly that means there's no part of the drive that's not encypted, every available bit is now non-human readable.

Given that, my next step will be to delete all the blank video files. That 'deletion' won't actually wipe anything from the drive, it will just mark those memory locations as free space BUT that free space will not be human readable, it will be full of encypted bits. That sounds secure enough to me.

Or is my logic faulty?

Ken
PS I don't care if this totally trashes the drive, I just want to be sure that the unless someone resorts to industrial strength forensic tools they won't find any of my data on the disk. I can't see the company who sold me this PC either having such tools to hand or going to that amount of effort for a drive they're going replace under warranty.

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: 'secure' deletion

Post by Argus »

As Stuart mentioned the SSD's controller use wear levelling, moving data around. It is also possible that there is unallocated space on the disk. When it comes to SSDs there is this concept: overprovisioning. It is used as a buffer (when moving things around), usually to increase endurance (and perhaps performance a bit). (I have created a small unallocated space on one SSD.)

To quote from a Kingston page (randomly picked) [looks like some auto-translation]:
https://www.kingston.com/us/community/a ... leid/29539" onclick="window.open(this.href);return false;
ATA Secure Erase is part of the ANSI ATA specification and When to Implemented Correctly, wipes The entire contents of a drive at the hardware level Instead of through software tools. Software tools over-write data on hard drives and SSDs, Often through multiple passes; over-writing The Problem with SSDs Is That Such software tools can not access all the storage areas on an SSD, leaving behind blocks of data in the service regions of the drive (examples: Bad Blocks, Wear-Leveling Blocks, etc.)
The idea behind the recommendation of secure erase, if supported by the SSD, is that the SSD’s controller will listen; when using other software it will do what it thinks is best for the SSD.
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

Argus wrote:..It is also possible that there is unallocated space on the disk...
I understand that a genuine 'secure delete' is the only way to be sure but the disk is an unbranded one so I can't get software from the manufacturer and I don't have the means to try and zap the disk with something like Parted Magic. That's why I came up with my 'chewing gum and string' solution to the problem outlined above.

If I look at the partitioning of the disk then there is no unallocated space but I suppose part of the main system partition may be reserved for the sort of buffering you mention so in theory there may be something lurking somewhere. What risk is associated with that though? My risk assessment is that...

Unless, after I've returned this SSD to the vendor, the vendor sells on this SSD 'as is' and it ends up in the possesion of a serious geek / hacker then no one is going to find anything that may be lurking within that buffer area. More likely, the vendor will either bin the drive (but then there's the risk of a local geek going through their bin looking for treasure) or re-image it and refit it to another one of their refurb. machines in the hope that once it is re-sold it will work for at least the warranty period, after which it's not their problem or if not they will 'rinse and repeat'.

Whatever happens, the odds of this drive ending up in the possesion of someone deterimed to recover the last few bits of unencrypted data that may be on the drive look very low to me. Making this less than optimal solution an acceptable risk.

Or am I being too optimistic?

Ken

User avatar
viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: 'secure' deletion

Post by viking33 »

No Ken, not too pessimistic at all. A little paranoid perhaps but that is strictly IMHO. Don't take it wrong, Please!
Use CCleaner free and run it in secure wipe DOD mode, after you have copied whatever data you want to retain. Relax and have a :cheers: :chocciebar:
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: 'secure' deletion

Post by stuck »

Well, that's it totally stuffed now.

As indicated above, I filled the drive and then enabled Bitlocker. When I returned to the PC after work it had gone to sleep but wouldn't wake up.

When I pressed the power button it eventually said no HDD found and all I could do was access the BIOS.

I removed the SSD and hooked it up to my old XP box, thinking I could at least see the drive in Explorer even if it was unreadable because it was encrypted. The effect was to prevent the XP box from booting, same message, no HDD. Disconnecting the SSD allowed the XP box to boot once again.

Back on the Win 10 box I made sure the first boot option was the DVD drive. I inserted the Win 10 boot disk and powered it up. The DVD drive buzzed but it didn't boot from the disk, just got the no HDD message again.

I'm done. I will return this PC killing slab of silicon to the vendor tomorrow.

Ken