I don't want to erase the SSD itself, only a specific folder and the files that are in it from the SSD. How do I securely erase that? Is there free software or a CMD Windows command? Thanks
- I'm absolutely sure I've already answered a very similar question, but I can't find it. The short answer is "it's not possible to do this reliably under any OS". The workaround is to only store files in encrypted form. – gronostaj Jan 14 '21 at 10:11
- If it wasn't an SSD, you could use [`sdelete`](https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete) – JW0914 Jan 14 '21 at 11:40
1 Answer
Due to wear levelling and other features that are outside the operating system's control you cannot simply overwrite files on an SSD. Trying to "secure erase" a file on an SSD by overwriting it will simply write to other blocks on an SSD.
The only way to erase a block would be to delete the file, then immediately issue a TRIM for the blocks it occupied.
You can TRIM free space in Windows using the "Defragment and Optimise Drives" tool (use the Windows start menu search to find it). For HDDs the tool will defragment a disk but SSDs will be TRIMed instead. Select the disk the file was on and then click Optimise.
The only downside is that you have no way to know when exactly the data will be gone. It could be minutes or even hours or days, but it will eventually be gone. How long it takes is down to disk activity and the drive controller itself.
If you absolutely have to have the data gone now, then deleting it, sending TRIM, and then rewriting all of the free space might clear it, but it depends on the SSD itself. There is no guarantee about what blocks are erased and rewritten or in what order on an SSD. Doing this will definitely waste write cycles on a lot of space though.
- The procedure you propose in the last paragraph may not work because SSDs have hidden extra storage used by controllers for overprovisioning, so by design not all of the storage is directly writable. Accessing it requires low-level access that's not possible with regular PC hardware, but such low-level access is necessary to exploit the wear leveling issue too. – gronostaj Jan 14 '21 at 10:30
- @gronostaj yeah, it's a difficult one, hence I used "should"... though even that could be too strong a word. Perhaps "might" and saying there are no real guarantees on SSDs? – Mokubai Jan 14 '21 at 11:11
- Yes, that would be more accurate IMO. Anyway, the real issue here could be an unreasonable threat model. If the adversary is capable of dumping flash chips off an SSD, why isn't the disk encrypted in the first place? If FDE is considered overkill, is concern about wear leveling and overprovisioning justified? – gronostaj Jan 14 '21 at 11:28
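
The delete-then-TRIM procedure from the answer above, written as a PowerShell script; this is an added example, not part of the original answer or comments. The `$Folder` parameter and its sample path are placeholders, and the script must run elevated. As the answer says, TRIM only tells the drive that the blocks are free, so when the controller actually erases them is outside the script's control.

```powershell
# Added example: delete a folder, then ask Windows to re-send TRIM for the
# free space of the volume it was on. Run from an elevated PowerShell prompt.
param(
    # Folder to remove, e.g. 'D:\Example\ToRemove' (constructed sample path)
    [Parameter(Mandatory)] [string] $Folder
)

$ErrorActionPreference = 'Stop'

# Optimize-Volume needs administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal] $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Resolve the folder and find the drive letter of the volume that holds it.
$item = Get-Item -LiteralPath $Folder
if (-not $item.PSIsContainer) { throw "'$Folder' is not a folder." }
$driveLetter = $item.PSDrive.Name
if ($driveLetter -notmatch '^[A-Za-z]$') {
    throw "'$Folder' is not on a volume with a drive letter."
}

# DisableDeleteNotify = 1 means Windows does not send TRIM at all, so the
# retrim below would not reach the drive.
$trimState = fsutil behavior query DisableDeleteNotify
if ($trimState -match 'DisableDeleteNotify\s*=\s*1') {
    throw "TRIM is disabled on this system:`n$($trimState -join "`n")"
}

# Remove-Item deletes directly; nothing is left behind in the Recycle Bin.
Remove-Item -LiteralPath $item.FullName -Recurse -Force

# Same operation as "Optimise" in the Defragment and Optimise Drives tool
# for an SSD: re-send TRIM for all free space on the volume.
Optimize-Volume -DriveLetter $driveLetter -ReTrim -Verbose

Write-Host "Deleted '$($item.FullName)' and issued a retrim on ${driveLetter}:."
Write-Host 'The drive controller decides when the trimmed blocks are actually erased.'
```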