Securely erase a solid-state drive

Overview

Secure drive erasure is the process of erasing all or part of a storage device so that the data it contained is difficult or impossible to recover. Standard methods of secure drive erasure do not work with solid-state drives (SSDs).

Hard drives vs. SSDs

To securely erase data on a hard disk drive, wiping tools fill the occupied space on the drive with a file consisting of zeroes or perform multiple writes of different characters; for more, see Securely wipe disk drives. Flash storage has an inherent limitation: data can be written to and erased from a given location only a certain number of times. This number is typically over 10,000, but a user could still hit that limit over the life of the storage device.

To address this problem on solid-state drives, manufacturers use wear-leveling algorithms that evenly distribute data among SSD blocks, which means that data is constantly moved around on the drive so the blocks wear at an equal rate. A side effect of wear leveling is that a file's data blocks aren't always kept adjacent to one another but may be scattered across the drive. Wiping programs like DBAN have a hard time identifying all the far-flung data blocks, so they don't do a good job of secure deletion on an SSD. Standard secure deletion tools also damage SSDs by performing an unnecessary number of additional writes without being able to tell where the data is actually written.
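The effect of wear leveling on an overwrite-based wipe, as an added example that is not part of the original article: a toy flash translation layer in Python. The `ToyFTL` class, the page counts and the sample data are constructed assumptions and do not reproduce any real controller's algorithm.

```python
# Toy page-mapped flash translation layer (FTL). Constructed model for
# illustration; real SSD controllers are proprietary and far more complex.
ZERO = b"\x00" * 8

class ToyFTL:
    def __init__(self, logical_pages, spare_pages):
        total = logical_pages + spare_pages      # spare = over-provisioned pages
        self.logical_pages = logical_pages
        self.flash = [None] * total              # raw NAND contents, None = erased
        self.erase_count = [0] * total
        self.l2p = {}                            # logical page -> physical page
        self.stale = set()                       # superseded pages, data intact

    def _allocate(self):
        free = [p for p, d in enumerate(self.flash) if d is None]
        if not free:                             # garbage-collect only when forced
            victim = min(self.stale, key=lambda p: (self.erase_count[p], p))
            self.stale.remove(victim)
            self.flash[victim] = None            # the only real erase in the model
            self.erase_count[victim] += 1
            free = [victim]
        # Wear leveling: prefer the least-worn free page.
        return min(free, key=lambda p: (self.erase_count[p], p))

    def write(self, lba, data):
        new = self._allocate()                   # never overwrites in place
        self.flash[new] = data
        if lba in self.l2p:
            self.stale.add(self.l2p[lba])        # old copy is unmapped, not erased
        self.l2p[lba] = new

    def read(self, lba):                         # what the host (and a wiper) sees
        return self.flash[self.l2p[lba]]

def overwrite_and_inspect(logical_pages=8, spare_pages=4):
    ssd = ToyFTL(logical_pages, spare_pages)
    for lba in range(logical_pages):             # constructed sample data
        ssd.write(lba, b"SECRET%02d" % lba)
    for lba in range(logical_pages):             # one full zero-fill pass
        ssd.write(lba, ZERO)
    host_view = [ssd.read(lba) for lba in range(logical_pages)]
    remnants = sorted(d for d in ssd.flash if d and d.startswith(b"SECRET"))
    return host_view, remnants

if __name__ == "__main__":
    host_view, remnants = overwrite_and_inspect()
    print("host sees only zeros:", all(d == ZERO for d in host_view))
    print("still on raw flash  :", remnants)
```

In this model the host reads zeros from every logical page after the wipe, while as many old pages as there are spare pages remain on raw flash where the wiping tool cannot address them.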

Securely erase a solid-state drive

To securely erase data from a solid-state drive, use one of the following methods:

  • Manufacturer-specific software

    If possible, use software provided by the manufacturer of the drive to erase an SSD. Many manufacturers offer software that allows for securely erasing the drive, as well as other functions such as updating firmware or checking the health of the drive. Use the instructions provided by the manufacturer to erase the SSD.

    If you cannot locate the manufacturer of your SSD, or if the manufacturer does not provide software for securely erasing the drive, you can try using a generic utility:

  • Encryption

    Many recently introduced SSDs encrypt data by default. In such cases, you may be able to quickly sanitize the device by deleting the encryption key, which renders the data on the drive irretrievable. Contact the drive manufacturer to see if this option is available and enabled.

  • Physical destruction

    If the above methods fail and the data absolutely must be made irretrievable, physically destroy the drive.

Verify that the drive has been securely erased

Use data recovery software to verify that the SSD no longer contains data. A number of data recovery software packages are available, ranging from freeware to commercial software products. PartedMagic and GParted (listed above) include recovery options.

Best practices

Don't store data you want to protect unencrypted on a solid-state drive; encrypt the whole drive from the beginning. This way, even if an attacker did recover data from the SSD, it would be encrypted and unreadable.

If the drive is fully encrypted and there is no concern that the decryption key could be used, a simple format of the entire drive will work.

If you need to dispose of an SSD and had at some point stored unencrypted data on it, or if the decryption key may have been compromised, you might choose physical destruction.

This is document aiut in the Knowledge Base.
Last modified on 2022-12-09 15:25:39.