I understand traditional methods don’t work with modern SSD, anyone knows any good way to do it?
Physical destruction. It’s the only way to be 100% sure.
Here is an alternative Piped link(s):
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
No. Most SSDs actually contain far more storage internally than the SSD controller exposes. They then even out the wear and tear of the flash memory “packages” by cycling through the various packages and, given there being more packages than actually exposed for use, this offers a level of redundancy so the device lasts longer.
Because of this, wiping the logical device (e.g. zero filling or writing random data multiple times) doesn’t actually guarantee every storage package is written to / overwritten. Thus data may still reside even after wiping (that can be accessed by reading the packages directly and skipping the controller which abstracts these packages into a virtual block device).
Some SSDs offer a secure wipe tool that does a low level wipe of every page or wipes out an encryption key and generates a new one but not every SSD on the market offers that feature.
From the company my org has used to decommission old hardware; an industrial grinder is sadly the most assured way to guarantee no data can be recovered.
If it’s really an issue where “if the data on this SSD falls into the wrong hands, lives will be ruined” sort of thing, my favorite data security tool for this job is a bench grinder. Difficult to put the data back together when the flash chips are powder scattered throughout 14 different shop surfaces and at least two lungs.
A special feature known as SSD secure erase. The easiest OS-independent way is probably via CMOS setup – modern BIOSes can send secure erase to NVM Express SSDs and possibly SATA SSDs.
Did this already, it took 1 second for a 2TB drive. Would you trust that?
It is the only approved method for data destruction for the several banks and government agencies I support. If they trust it, I trust it.
I have checked a couple of times out of curiosity, after a secure erase the drive is as clean as if it had been DBANed. Sometimes things are standards because they work properly.
Most SSD/flash secure erase methods involve the storage having full disk encryption enabled, and simply destroying the encryption key. Without the encryption key the data can’t be deciphered even with the correct password, as the password was only used to encrypt the encryption key itself. This is why you can “factory reset” an iPhone or Android in seconds.
Thanks for this informative answer. Then it would make sense that it took only 1 second, then again, I have a modern Asus motherboard (AM5) with a Western Digital NVMe drive, and that drive isn’t listed as Secure Erase compatible on Asus motherboard. I will download the WD dashboard and do it that way, I didn’t know it existed before I posted this question.
Encrypted volume and burn the encryption key
