SilverTip257 wrote:
On Thu, Jun 12, 2014 at 10:35 AM, James B. Byrne byrnejb@harte-lyne.ca wrote:
On Wed, June 11, 2014 18:31, Frank Cox wrote:
<snip>
I have a question about SSD respecting security. Recently I have been investigating sanitizing these devices, together with 'smart-phones, tablets and pads which use flash memory persistent storage. Not to
mention the
ubiquitous USB 'memory stick'. I have come to the rather unsettling conclusion that it is effectively impossible to 'sanitize' these things short of complete and utter physical destruction, preferably by
incineration.
Is this in fact the case?
<snip>
I've come to the same conclusion. Due to controller wear leveling and TRIM, it is difficult to fully sanitize a flash memory (USB flash, SSD).
A former employer of mine contracts out destruction of conventional hard drives with a machine that has a hydraulic arm and a wedge. Effectively bending the platters and some of the drive. Hardware destruction (prior to recycling/disposal) in certain business sectors is common place.
Where I work, some of the systems (which are behind an *internal* firewall) have PII and HIPAA data - we're serious about protecting that stuff. When we surplus a server, the drive must be certified to be sanitized - that is, for the ones I do, which is most of them, I need to sign my name to a form that gets stuck on the outside that it's sanitized, making me *personally* responsible for that.
We use two methods: for the drives that are totally dead, or *sigh* the SCSI drives, they get deGaussed. For SATA that's still running, we use DBAN. *Great* software. From what I've read, one pass would probably be good enough, given how data's written these days. With my name certifying it, I do paranoid, and tell DBAN the full 7-pass, DoD 5220.22-M. I *really* don't think anyone's getting anything off that.
We don't have any SSDs, so I can't speak to that. Bet you could deGauss them, easily enough. Or maybe stick 'em on a burner on a stove to get over the Curie point....*
mark
* Techniques that a techie group I belong to refer to as "things to do in someone else's kitchen"