SilverTip257 wrote: > On Thu, Jun 12, 2014 at 10:35 AM, James B. Byrne <byrnejb at harte-lyne.ca> > wrote: >> On Wed, June 11, 2014 18:31, Frank Cox wrote: <snip> >> I have a question about SSD respecting security. Recently I have been >> investigating sanitizing these devices, together with 'smart-phones, >> tablets and pads which use flash memory persistent storage. Not to mention the >> ubiquitous USB 'memory stick'. I have come to the rather unsettling >> conclusion that it is effectively impossible to 'sanitize' these things >> short of complete and utter physical destruction, preferably by incineration. >> Is this in fact the case? <snip> > I've come to the same conclusion. Due to controller wear leveling and > TRIM, it is difficult to fully sanitize a flash memory (USB flash, SSD). > > A former employer of mine contracts out destruction of conventional hard > drives with a machine that has a hydraulic arm and a wedge. Effectively > bending the platters and some of the drive. Hardware destruction (prior > to recycling/disposal) in certain business sectors is common place. Where I work, some of the systems (which are behind an *internal* firewall) have PII and HIPAA data - we're serious about protecting that stuff. When we surplus a server, the drive must be certified to be sanitized - that is, for the ones I do, which is most of them, I need to sign my name to a form that gets stuck on the outside that it's sanitized, making me *personally* responsible for that. We use two methods: for the drives that are totally dead, or *sigh* the SCSI drives, they get deGaussed. For SATA that's still running, we use DBAN. *Great* software. From what I've read, one pass would probably be good enough, given how data's written these days. With my name certifying it, I do paranoid, and tell DBAN the full 7-pass, DoD 5220.22-M. I *really* don't think anyone's getting anything off that. We don't have any SSDs, so I can't speak to that. Bet you could deGauss them, easily enough. Or maybe stick 'em on a burner on a stove to get over the Curie point....* mark * Techniques that a techie group I belong to refer to as "things to do in someone else's kitchen"