Secure Wipe SSD/NVMe Drives?

[The_Geek]

So, Need to know what is the best procedure to Secure wipe SSD/NVMe Drives so that the data is not recoverable, other then the "Take a Hammer" to the drive method. The wipe needs to be fast, secure and easily doable on a personal machine and at work. HD secure wiping is assumed NOT to be the same for SSD/NVMe drives.

[Mira Yurizaki]

See if the manufacturer has a tool first. Otherwise you can use a tool like PartedMagic.

 

Note that secure erase to the point of "unrecoverable" and "fast" tends to be mutually exclusive.

[Faisal A]

You can securely delete data by deleting it and then randomly writing over it. This is done many times in "passes". The more passes you do, the more secure. I will try to find you the software. Try reading this PDF : https://www.trendmicro.co.uk/media/resource_lib/general/how-to-erase-data-securely-en.pdf

[Electronics Wizardy]

17 minutes ago, Mira Yurizaki said:

See if the manufacturer has a tool first. Otherwise you can use a tool like PartedMagic.

 

Note that secure erase to the point of "unrecoverable" and "fast" tends to be mutually exclusive.

well most ssds can do a secure wipe very fast as they encrypt everything and just delete the old key and make a new one. Thats what the secure earse command does on most drive

16 minutes ago, Faisal A said:

You can securely delete data by deleting it and then randomly writing over it. This is done many times in "passes". The more passes you do, the more secure. I will try to find you the software. Try reading this PDF : https://www.trendmicro.co.uk/media/resource_lib/general/how-to-erase-data-securely-en.pdf

the whole write over a drive has an issue with ssds where there is still some data left due to how data is moved around to make the drives last longer by spreading out writes. This isn't huge issue for most people as that extra data isn't readable by a computer normally.

 

Multple passes aren't recommended anymore per nist 800-88, either do a single pass for when data isn't that important, secure easre for a bit better, and destroy the drive. The hole read a drive after one pass hasn't be done on any recent hardware.

[dfsdfgfkjsefoiqzemnd]

The problem with tools that overwrite drives is that they were designed for HDDs and don't account for wear leveling on SSDs moving things around.  The best way to securely erase an SSD (apart from physically destroying the chips) is to fill it completely with files that contain random data.  And even then you won't have access to the NAND that's reserved for over-provisioning (replacing damaged/worn cells).

 

I used a small tool called Dummy to create several files in various sizes (from 100MB to 50GB) that I store on my NAS. 

Whenever I need to securely erase an SSD or flash drive, I copy those files over to fill the drives as much as possible.  Then I check the drive's properties to see how many bytes are still free and use Dummy to create a file that's exactly that size.  It's quite labor-intensive, but I haven't come across a method that's actually better.

 

No idea if Dummy works on Win10, I only used it on older versions. 

[The_Geek]

That's too much work to erase a SSD. I would rather just take a hammer and finish the job that way. What I am trying to find out is that if there is a Logical Industry approved way to dispose off SSD's. The Platter HD's have many applications that would guaranty a secure wipe, but in my research I have not found an Industry standard for this kind of storage. With SSD's becoming cheaper and Enterprise moving to SSD's there has to be a way to make sure the drives can be wiped clean....

 

[Electronics Wizardy]

Just now, The_Geek said:

That's too much work to erase a SSD. I would rather just take a hammer and finish the job that way. What I am trying to find out is that if there is a Logical Industry approved way to dispose off SSD's. The Platter HD's have many applications that would guaranty a secure wipe, but in my research I have not found an Industry standard for this kind of storage. With SSD's becoming cheaper and Enterprise moving to SSD's there has to be a way to make sure the drives can be wiped clean....

 

thats what the ata secure erase command is for. most drives are encrypted, they just delete the key and almost instantly all the data is gone.

 

Or just encrypt all the data you store on the drive, then you don't even have to erase it.

 

 

But no erase is perfect, so destroy the drive if the data is extremely important.

[dfsdfgfkjsefoiqzemnd]

The best way is to use software-based encryption (something like Veracrypt) before you start putting data on the drives.  Then afterwards you just format the drive and it's all random noise.

 

EDIT : The wizard beat me to it.  

[seagate_surfer]

We have a tool for the Seagate drives called Seatools, which offers a feature to complete the secure erase, below a little more information if you want to read more about it:

Seagate Instant Secure Erase (ISE) with SeaTools Instructions | Seagate Support US

How to Securely Erase Your Hard Drive | Seagate 

 

And yes! As the wizard said, if data is too important you either pay a Data Destruction lab to destroy the unit or you destroy it yourself... 

 

[Kedohawyr]

Don't try overwriting the drive, it's terrible for the drive's health and won't even delete all the data from someone with the tools to recover it since some 'overwritten' data will inevitably be brushed under the rug in the overprovisioned area and missed.

 

Either go to the manufacturer's website and download their secure erase tool (which will activate a TRIM like command to perform the clear operation on every single cell ensuring the drive is nothing but zeros) or physically destroy the NAND chips on the drive.

[The_Geek]

The issue I am having is finding such Manufacturer utility for the drives that I bought. I bought Inland Premium NVMe drives. $95/1TB NVMe, They are fast, almost same or better speeds than Samsung, 3100/1900 MB R/W speeds, but I cant seem to find their site or utilities. I even wrote to their tech support but no reply.

[Electronics Wizardy]

12 minutes ago, The_Geek said:

The issue I am having is finding such Manufacturer utility for the drives that I bought. I bought Inland Premium NVMe drives. $95/1TB NVMe, They are fast, almost same or better speeds than Samsung, 3100/1900 MB R/W speeds, but I cant seem to find their site or utilities. I even wrote to their tech support but no reply.

Try a generic program then. Give hdparm a shot https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

 

Or since you bought them, just encrypt everything you store on it and you don't have to wipe at all.