Jump to content
CCleaner Community Forums
rjo98

SSD and secure deletion options in CCleaner and Recuva

Recommended Posts

From everything I've read, secure overwriting done by software does not wipe/erase files on SSDs.  I notice that if you enable the secure overwrite in CCleaner, it doesn't give any warning that this does not work.  Shouldn't it, if Windows can detect you have a SSD and it disables the auto defrag of the drive due to that?  I think it gives a false impression that people's files are unrecoverable, when they really are, yet you're just killing your SSD faster from all the extra writes.

 

What do you guys think? 

 

Also, somewhat off topic but somewhat related and could be interesting, but if someone with an SSD has to work on sensitive info that they don't want to be recovered, how would you suggest they do so since they can't securely overwrite files on a SSD?

Share this post


Link to post
Share on other sites

Also, somewhat off topic but somewhat related and could be interesting, but if someone with an SSD has to work on sensitive info that they don't want to be recovered, how would you suggest they do so since they can't securely overwrite files on a SSD?

Those sort of occupations and organisations don't think about wiping sensitive data - they work on the principle of physically destroying the drive.

Let's face it, even with the higher cost per meg of SSD's, killing the drive and getting a new one is better than having sensitive data surface somewhere you don't want.

Share this post


Link to post
Share on other sites

Secure erase on an SSD can't overwrite the data page, it writes on a new page and the old page is flagged as invalid. So whilst it's true that you can't actually overwrite a specific page it doesn't mean that the old data is recoverable, as no invalid page is ever returned to the user. Furthermore the data is most likely to be encrypted, so bypassing the controller and reading the pages directly with some sneaky hardware will be of no use.

 

If you have TRIM enabled on your O/S and SSD, then any file deletion is effectively a secure delete. The TRIM command will mark the pages as invalid, and the SSD controller's garbage collector routines will wipe the pages clean and return them to the free page pool.

 

Win8's SSD optimise issues a TRIM command to all unallocated (at the file system level) pages, I believe. A sort of global clearup for all those pages that might have missed the TRIM for some reason.

 

CC's secure delete (one pass only) does a similar thing, at the expense of additional writes. It edits the file, which means that the old data pages are marked as invalid and will be wiped by the garbage collector. I would not do a wipe free space, far too heavy handed for me.

 

Regarding TRIM I think that it's one of those commands that doesn't require a response or confirmation, it is just issued then life carries on regardless. I'm not sure if it is supported in USB connected devices. So you may be trimming away and nothing is happening. Most users won't notice.

 

Oh yes, the CC writeup says that Drive Wiper will detect an SSD. I don't have an SSD so can't test that. I think that not detecting SSD's on secure file deletion is fine, as this is a specific task against one or more files, unlike Drive Wipers global action.

 

SSD's in normal use are far more secure than HDD's if you have TRIM.

Share this post


Link to post
Share on other sites

Hello @ Augeas - There is one little trick I've learned using Linux Mint that will accomplish what you've described by using Linux's fstrim command. 

 

1.) Boot into a live CD session of Linux Mint.

 

2.) Open Gparted and select the SSD by using the tab on the right side of the panel to toggle between /dev/sda, /dev/sdb, /dev/sdc, and so on. If there's only one hard drive on the system, it will usually be /dev/sda. If there's more than one, you'd better pay close attention here - you do not want to select the wrong device! Once you are absolutely certain that you have selected the correct device, create a new ms-dos partition table on the SSD. Then create a single new partition using the entire unallocated space on the SSD. Format it ext4, since ext4 supports trim. Exit Gparted. (*Note: Before closing Gparted, take note if this new partition is assigned /dev/sda1, /dev/sdb1, /dev/sdc1, or whatever - see Step 3-b below.)  

 

3.) Open the command terminal and enter the following:

 

a.) sudo mkdir /media/SSD ### Creates a new directory /media/SSD

 

b.) sudo mount /dev/sda1 /media/SSD /mnt ### Mounts the ext4 partition on the SSD to the new directory /media/SSD. (*Note: Change /dev/sda1 to /dev/sdb1 or /dev/sdc1 to match exactly what you noted in Step 2 above.)    

 

c.) sudo fstrim -v /media/SSD ### Issues a trim command to the directory /media/SSD. You will get a response "xxxxxxxxxxx bytes have been trimmed". 

 

4.) Sit back 15 minutes or so and let the SSD's firmware perform garbage collection. Then try using Recuva to see if any data is recoverable.

Share this post


Link to post
Share on other sites

Blooming heck, I think I'd just let TRIM do its job (win 7 upwards) or run CC's SSD optimise on XP.

Share this post


Link to post
Share on other sites

Blooming heck, I think I'd just let TRIM do its job (win 7 upwards) or run CC's SSD optimise on XP.

 

Hello @ Augeas - Actually, performing the above operation goes much quicker than trying to describe the operation. I'd like to test it to be 100% certain that it duplicates a secure erase, but given the fact that I installed Windows 7 on my Crucial M500 SSD just this last Monday, and all of the angst I went through in doing so, I think I'll put it on my list of "Things to do when I'm completely bored and can't think of anything else to do". ;)

 

EDIT: I nearly forgot, here's a link to an article I came across last night on the topic of performing a secure erase.

http://raywoodcockslatest.wordpress.com/2014/04/21/ssd-secure-erase/

 

The last paragraph: "Assuming TRIM was properly implemented in the SSD, and assuming the drive was otherwise eligible (e.g., no corruption), it seemed that one potentially workable approach was simply to perform an NTFS quick format of a SATA-connected SSD, encrypt the entire drive with something like TrueCrypt, do another format, and then leave the drive connected for a while, so as to let TRIM do its work. Since the implementation of TRIM in a particular SSD could not be verified, it appeared that a combination of these steps with other methods (above) might provide the most reliable response to the task of securely erasing an SSD."

Share this post


Link to post
Share on other sites

OK, so sounds like if TRIM is enabled on the drive, really just a normal delete becomes like a secure delete after some time.  But how can you confirm when that happens, or if it did happen for a particular file.

Share this post


Link to post
Share on other sites

You can't, because it happens at the SSD controller level. The only thing you can do is run a Recuva deep scan and look at what's found. If your file isn't there then it's gone forever.

 

I think that there are some circumstances where the TRIM command is not executed, but you would have to Google that. In the main just let TRIM do its work, with perhaps the occasional Win8 Optimise or the equivalent every few months or so. Well, that's what I would do if I had an SSD.

Share this post


Link to post
Share on other sites

... the occasional Win8 Optimise or the equivalent every few months or so. Well, that's what I would do if I had an SSD.

 

that's the only maintenance my SSD gets.

every month or so, I type optimise in the Search field, click the Defrag and Optimise Drives program, check how many days it shows since last run and if it is getting up near 100 I click Optimise.

Share this post


Link to post
Share on other sites

basically it initiates a TRIM

 

(I should also elaborate, all other automatic processes/services to the SSD are disabled)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...