Troubleshoot How do I securely wipe data on a laptop with a SSD ?

jetman

Level 10
Thread author
Verified
Well-known
Jun 6, 2017
477
Hi-

I have purchased a second hand laptop on ebay which has a SSD. I would like to make sure that the SSD is securely wiped clean before re-installing Windows 10.

The main reason I want to do this is in case the previous owner used it for criminal activities or had illegal photographs on the laptop. I'm sure they are an honest person but its better to be safe than sorry !

Usually I would use DBAN or ccleaner and do multiple over-writes of the disk. However, I understand that SSDs work differently and this method is not advised. Therefore, please could someone recommend a way in which I could ensure the previous owner's data is thoroughly erased ?

Thanks.
 

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
but i really find Guttman algorithm or similar unnecessary. A couple of passes will make the data unrecoverable mostly. 35 passes is a waste of time and writes.
Well you are talking hard drives, not SSDs. Again, you do not "wipe" SSDs. For hard drives, the worry is about "residual magnetism" that might represent 1s and 0s (data) being left behind.There is no such magnetic residue in SSDs.

Technically, 1 pass is more than enough for a hard drive. A single pass will thwart the efforts of any readily available recovery software and it will take a "determined" forensic expert using highly sophisticated (read: expensive!) equipment to maybe successfully retrieve any data after that. And even then, it will be data clusters, not entire files. Note this is exactly why data recovery services for people who accidentally delete their precious data can cost many $100s or even $1000s!

For the record, you don't even have to "wipe" a hard drive. In the past, I have just filled a drive with music files, did a "quick" format (to mark all the spaces as free again) then filled the drive with music files again. This is actually faster than wiping. "IF" there was any data left, it was only a spattering of tiny fragments - like one or two pieces here and there from several 1000 piece jigsaw puzzles.

Only drives containing classified data of the utmost national security interests need more passes. But having been involved in supporting and destroying such data for many years, we just shredded the drives. Even now that I have retired from the military, if a civilian client is that concerned, we have access to one of these and be done with it.

If the drives do not hold government secrets, industrial espionage information, or evidence of criminal activity, it is important to remember typical badguys are lazy opportunists. They go for the easy pickings. If they find a hard drive, they will scan it with one of those recovery programs I listed above, and if nothing exploitable or worth value is found, they will quickly move on to the next drive. They are not going to waste their time digging deeper, even if they have the equipment and expertise - unless they are targeting you specifically and know there is something of value on that drive.
 
Upvote 0

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
Well you are talking hard drives, not SSDs. Again, you do not "wipe" SSDs. For hard drives, the worry is about "residual magnetism" that might represent 1s and 0s (data) being left behind.There is no such magnetic residue in SSDs.

Technically, 1 pass is more than enough for a hard drive. A single pass will thwart the efforts of any readily available recovery software and it will take a "determined" forensic expert using highly sophisticated (read: expensive!) equipment to maybe successfully retrieve any data after that. And even then, it will be data clusters, not entire files. Note this is exactly why data recovery services for people who accidentally delete their precious data can cost many $100s or even $1000s!

For the record, you don't even have to "wipe" a hard drive. In the past, I have just filled a drive with music files, did a "quick" format (to mark all the spaces as free again) then filled the drive with music files again. This is actually faster than wiping. "IF" there was any data left, it was only a spattering of tiny fragments - like one or two pieces here and there from several 1000 piece jigsaw puzzles.

Only drives containing classified data of the utmost national security interests need more passes. But having been involved in supporting and destroying such data for many years, we just shredded the drives. Even now that I have retired from the military, if a civilian client is that concerned, we have access to one of these and be done with it.

If the drives do not hold government secrets, industrial espionage information, or evidence of criminal activity, it is important to remember typical badguys are lazy opportunists. They go for the easy pickings. If they find a hard drive, they will scan it with one of those recovery programs I listed above, and if nothing exploitable or worth value is found, they will quickly move on to the next drive. They are not going to waste their time digging deeper, even if they have the equipment and expertise - unless they are targeting you specifically and know there is something of value on that drive.
Yes, that's my point. Nobody will go after him for that disk, and if the government does, he will not be the one in trouble. If they could track the HDD they will surely know it is not his.

I was, indeed, talking about hard drives up there.

And that video on the disk destroying is (holy moly) amazing and good for stress!
 
Upvote 0

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
Digerati, as I understand there is no a real working method to destroy data on SSDs except for a hammer to break it
Sure there are.

And I would not trust that method since they have no mechanical parts you can't be sure it's not working anymore!
Right. Since a SSD is made up of multiple non-volitile memory devices (they maintain their data after power is removed), you would have to ensure every chip is thoroughly smashed.

But that is not the only way. You could zap it, shred it, drop it in an acid bath, or incinerate it. But destroying the actual drive (so it cannot be used again) is not the same as securely erasing the data but sparing the drive so it can be used again.
And that video on the disk destroying is (holy moly) amazing and good for stress!
And that is a small shredder! When I was on "shredding detail" in the military, we used an industrial grade shredder. And when I worked for a major defense contractor, the shredder we used was mounted on the back of big flatbed truck that came around once a month. And yes, it is always a great stress reliever watching something be totally destroyed. :cool:
 
Upvote 0

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
There's always a more certain way to perfectly clean a disk...

s11.jpg
 
Upvote 0

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
On all SSD disks, if the operating system supports TRIM, the deleted files are always deleted permanently and they are never recoverable.

Hence the uselessness of the operation of wiping that, as in the case of defragmentation, due to the large number of writes, helps to reduce the life of the SSD drive.

When you delete a file from an SSD, this not simply marks the corresponding sectors as "free" by making them available for new writes (it is the behavior of a traditional hard drive).
In the case of SSDS and flash memory, contents are erased in blocks composed of multiple units called "pages". When part of the information is removed, for example, at the request of the user, the SSD move the portions of the block that need to be preserved in the new block and then erase the entire block.
This process, called garbage collection, contributes a lot to increase the number of writes (write amplification is undesirable but it is inevitable for SSD and flash memory in general).

It seems even more clear that the use of utilities like Dban, etc is absolutely counterproductive for the SSD.
Dban, because of a large number of writes, helps to reduce the life of the SSD drive and it can not check where the operations are carried on writing. It is in fact the controller of the SSD responsible for the management of the scriptures, not allowing to reach the result.

The concept of "secure deletion" in the case of traditional hard drives is so profoundly different compared to SSD and flash memory in general.

Typically, then, to securely erase the data by minimizing the write operations, it is sufficient to make sure that the operating system supports the TRIM command and that its use is actually enabled.
 
Last edited:
Upvote 0

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
630
Parted Magic will do the job for you. It has secure erase feature that can permanently, irrecoverably erase data on an SSD within 2 seconds. With secure erase feature there is no need to overwrite an SSD 10 or 20 times for irrecoverable data wipe which unnecessarily depletes an SSDs limited write cycles.
 
Upvote 0

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
On all SSD disks, if the operating system supports TRIM, the deleted files are always deleted permanently and they are never recoverable.
That's not true! That assumes TRIM runs in real-time and immediately purges old storage locations whenever you delete a file, or whenever garbage collection happens. That is NOT the case. If TRIM immediately zeroed out data, that would cause excessive wear and tear on the drive.

Here's another good read: Ask Ars: How can I securely erase the data from my SSD drive?

as in the case of defragmentation, due to the large number of scriptures have done, helps to reduce the life of the SSD drive.
Please explain. You don't defrag SSDs. In fact, Windows will not allow it. That is why the Windows defragger is now called Optimize Drives. When the OS encounters a SSD, it knows not to run the defrag feature on it.

Parted Magic will do the job for you.
As suggested in my first post yesterday.
 
  • Like
Reactions: Kuttz
Upvote 0

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
That's not true! That assumes TRIM runs in real-time and immediately purges old storage locations whenever you delete a file, or whenever garbage collection happens. That is NOT the case. If TRIM immediately zeroed out data, that would cause excessive wear and tear on the drive.

Here's another good read: Ask Ars: How can I securely erase the data from my SSD drive?

Please explain. You don't defrag SSDs. In fact, Windows will not allow it. That is why the Windows defragger is now called Optimize Drives. When the OS encounters a SSD, it knows not to run the defrag feature on it.

As suggested in my first post yesterday.
I will explain to you if I was not clear.

1. No defragmentation

Of course, and indeed as I said, in the case of SSD, defragmentation is a damaging operation.
During the defragmentation lots of writing operations have carried out and after defragmentation, you will not get any benefit as it happens in the traditional HDD.

2. Do not perform the "secure erase" of the data

The special TRIM command allows the operating system to indicate those data blocks are not in use on a SSD: for example the areas released after the deletion of one or more files. All the most recent operating systems support the TRIM command.
On operating systems that support the TRIM command, the data is deleted instantly and permanently by the SSD disks as soon as they are removed from the user.


Respectfully, I invite you to read serious technical documents.
 
Last edited:
Upvote 0

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
I am not going argue. Unlike you, I have provided multiple links to support what I say instead of just expecting everyone to believe me just because I say so. And I have read many technical documents on the topic as part of my job supporting the most secure government networks. No way will any competent IT security admin allow a SSD that contained sensitive data on it leave the organization without running a secure erase program on it, or without shredding the drive. And that includes SSDs that are encrypted, as most in such scenarios are.

That Ars article explains why TRIM is not necessarily secure. SSD makers, as seen below, provide secure erase utilities simply because TRIM does not work the way you claim and until you show any evidence to the contrary that applies to ALL SSDs, I will say this, then step out. (1) Not all SSDs implement TRIM as you suggest - especially by default. (2) Indicating data blocks are not in use is not the same as obliterating the data stored there. And "respectfully" (3), telling users "Do not perform the "secure erase" of the data" is not responsible advice. Stating it in such a manner and without any corroborating evidence or explanation suggests performing that task is detrimental in some way. It is not. If you don't wish to secure erase your discarded SSDs, that's fine. What is not fine is telling every one else not to.

Here are links to a few manufacturer utilities.
If you have a drive from a different maker, visit their website.
 
Last edited:
Upvote 0

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
@Digerati

On an SSD, the secure erase is not effective, but also harmful. The reason is simple: the SSD driver 'knows' the NAND cells where are present the data and not the operating system; therefore, a erasing software would not know the physical location of data to delete.
Besides, this is useless, thanks to TRIM, the data of the NAND cell is removed completely and immediately after the operating system has given the order to delete a file, a folder or another; if this were not the case, the memory cell could not be rewritten easily. Therefore, it is already TRIM to implement a definitive cancellation as I said.

The Secure Erase, which you say, allows the electrons to be deleted from the NAND by putting them in a “erase” state (what TRIM recognizes as “to be deleted”). In fact the SSD does send a spike of voltage to all of the NAND available at the same time; in this way, all memory blocks (including buffer) are restored in one shot.
During this operation, the SSD must be “locked” and password protected until the end; if something were to go wrong (for example, a power outage, or human error), there is the risk of brick and to make it definitively unusable.

Which link I have to post? I have worked for many years in this sector, but obviously we come from two different schools...

PS:

It doesn't exist a meeting point, I've pointed out concrete facts, documented by years of professional experience and not based on random web pages.

I would like to avoid those who think they know everything better than those who have in front and they don't hesitate showing this alleged superiority with salacious criticism and highlighting that only they know what is right or what is wrong.

Have a nice day Mister "That's NOT true."!!
 
Last edited:
Upvote 0

jetman

Level 10
Thread author
Verified
Well-known
Jun 6, 2017
477
After reading the above I think I will...

1. Factory reset the laptop- which probably reinstalls Windows plus the bundled software.
2. Encrypt the drive with bitlocker.
3. Fill up the SSD with files- just MP3s etc until it is more or less full. Then delete them.
4. Then re-install Windows from startup using a USB and select the option to format the disk.

I reckon that will be more than enough. Sounds OK to others ?
 
Upvote 0

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
On an SSD, the secure erase is not effective, but also harmful.
So once again, you make a claim and fail to back it up with ANY supporting documentation. You just expect everyone to believe you just because you say so. :( Because you have years of professional experience? Yeah right. You can follow the home page link in my profile to see if I might know something about supporting hardware on secure systems and then note I still don't expect readers to simple believe my words are the Gospel because I said them.

The reason is simple: the SSD driver 'knows' the NAND cells where are present the data and not the operating system; therefore, a erasing software would not know the physical location of data to delete.
How silly is this? Of course the OS does not know where the data is. It is not the operating system's job - regardless if SSD or HD. That is what the file tables are for. This is why you can boot from a secondary drive, move data around, boot from the main OS drive and guess what? The main OS can find the file because the file tables have been updated.

And since when do SSD drivers know where the data is? Never! That's when. You are just making stuff up now. :(

It is also clear you have no clue how erasing software works. Like hard drive wipe programs, secure erase programs don't care where the data is. All they care about is clearing the data in EVERY storage location.
The Secure Erase, which you say, allows the electrons to be deleted
Electrons to be deleted??? OMG! :eek: No doubt Einstein would be very interested in knowing how to "delete electrons". :rolleyes:

if something were to go wrong (for example, a power outage, or human error), there is the risk of brick and to make it definitively unusable.
Come on! This is just ridiculous! Why run a wipe or secure erase? Because you are getting rid of the drive and don't want a badguy to retrieve your passwords, bank account numbers, or other sensitive data. "IF" something were to go wrong and you brick the drive, so what?

Something can go wrong every time you cross the street. Does that mean you should never cross the street?

Come on people. PLEASE do your own home work. If you don't want to believe the sources I provided, use your friend Bing Google to see for yourself how Secure Erase works, why it is not dangerous when used properly, and most importantly, why you should use it when your SSDs are changing hands or being discarded.
 
Upvote 0

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,741
After reading the above I think I will...

1. Factory reset the laptop- which probably reinstalls Windows plus the bundled software.
2. Encrypt the drive with bitlocker.
3. Fill up the SSD with files- just MP3s etc until it is more or less full. Then delete them.
4. Then re-install Windows from startup using a USB and select the option to format the disk.

I reckon that will be more than enough. Sounds OK to others ?

Personally I would stop on step 1 and save your time and all the trouble. As it has been pointed previously in the thread you have no reason to worry about what may have been recorded on the disk previously,
 
Upvote 0

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top