Flash Drives Don't Purge All Deleted Data

By: Absolute Team | 3/5/2011

Recent research released at the Usenix FAST 11 conference by University of California researchers indicates that files stored on flash-based solid-state drives (SSDs), like USB devices, can be nearly impossible to delete using traditional means.

USB devices and other SSDs often store sensitive data. The ability to use a given sanitization method to remove sensitive data is core to data security. SSDs, which differ quite dramatically from hard drives in terms of data storage, are complex to sanitize. This research paper challenges the assumptions of the effectiveness of existing sanitization techniques.

For sanitizing entire disks, built-in sanitize commands were found to be effective, if done correctly. However, the study showed that none of the available software techniques for sanitizing individual files were effective. Overwriting of files was also found to be ineffective.

In some cases, research showed that SSDs would incorrectly indicate files are "securely erased" when secondary file copies remained. This puts a red flag into existing data security practices. As much as 67% of data was found to remain after deleted.

You can download the paper here [PDF].

Via The Register, Security News Daily

Financial Services