Subscribe via RSS Feed

But, wait! (More on SSDs and e-discovery)

March 1, 2011 0 Comments

OK, just last week I wrote a post on a report out of UCSD regarding difficulties in erasing data from solid-state disks (SSDs). But now out of Australia comes a somewhat contradictory report that some SSDs actually erase ‘slack’ (unused) space themselves without any user or system intervention — and, furthermore, that they can do so even when disconnected from a computer and a ‘write blocker’ installed:

After conducting a series of experiments comparing a sample Corsair 64GB SSD with a conventional Hitachi 80GB magnetic hard drive (HDD), the team found a layer cake of data recovery problems caused by the ‘garbage collection’ or purging algorithms used in SSDs to keep them at peak performance.

After examining an SSD for traces of data after it had been quick formatted, the team expected the purging routines to kick in around 30-60 minutes later, a process that must happen on SSDs before new data can be written to those blocks. To their surprise, this happened in only three minutes, after which only 1,064 out of 316,666 evidence files were recoverable from the drive.

Going a stage further, they removed the drive from the PC and connected a ‘write blocker’, a piece of hardware designed to isolate the drive and stop any purging of its contents. Incredibly, after leaving this attached for only 20 minutes, almost 19 percent of its files had been wiped for good, a process the researchers put down the ability of SSDs to initiate certain routines independent of a computer.

For comparison, on the equivalent hard drive all data was recoverable, regardless of the time elapsed, as a forensic examiner would expect

“Even in the absence of computer instructions, a modern solid-state storage device can permanently destroy evidence to a quite remarkable degree, during a short space of time, in a manner that a magnetic hard drive would not,” the team concludes.

The results are concerning on a number of levels, forensic, legal and technical.

Yeah, I’ll say, though I suspect most of the concerns are legal and forensic. Hat tip to Slashdot.  ..bruce..

 

About the Author:

Webster is Principal and Founder at at Bruce F. Webster & Associates, as well as an Adjunct Professor for the BYU Computer Science Department. He works with organizations to help them with troubled or failed information technology (IT) projects. He has also worked in several dozen legal cases as a consultant and as a testifying expert, both in the United States and Japan. He can be reached at 303.502.4141 or at bwebster@bfwa.com.

Leave a Reply

You must be logged in to post a comment.