Australian Digital Forensics Conference

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Abstract

The research aimed to determine the efficacy and integrity of several hard-drive disk deletion tools on solid state drives (SSDs). SSDs contain new technologies such as wear-levelling and device under provisioning to provide efficient functionality and speed for data management, but the same technologies may also provide obstacles to ensuring that all information is fully removed from the drive. Furthermore SSDs stores files in 4KB pages, yet data can only be deleted in 512KB blocks. This function uses the disk controller to remove all the pages from the block a file is being deleted from, storing the pages in a disk controlled cache. Once the whole block has been reset, the valid data is retrieved from the cache and replaced on an available block. The reset block is added to the SSDs free space. The specific purpose of this paper was to discover if any data was recovered, especially from the disk controlled cache while testing various tools and methods for their effectiveness of securely wiping data off SSDs. All tools except the GNU core utility DD left some file information which was recovered, though none of the recovered files was loadable. Additionally, the paper introduces the concept of the TRIM functionality and provides a baseline further research into this feature. Finally, a comparison of methods for securely deleting Solid State Drives is provided.

Comments

7th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 3rd 2009.

DOI

10.4225/75/57b2875c40cce

Share

 
COinS