Data Removal Processes for a Solid State Hard Drive

Article Summary:This article explains the industry standard methods of disk sanitization for solid state hard drives (SSD).

Disk Sanitization Methods for Solid State Hard Drives

In this article, the term "disk sanitization" refers to the process of eliminating all data on the storage device so that it is impossible to recover.

There are currently three conventional methods for sanitizing SSD’s. These three methods apply to sanitizing an entire physical disk, but not specific files or folders.

• ATA Secure Erase - The SSD firmware has an embedded command set that will overwrite all data on the SSD. This command can be managed by software that runs within a bootable environment.
• Cryptographic Erase - On Self-Encrypting SSD’s, the encryption key can be changed or erased, which leaves all the encrypted data indecipherable, and therefore unrecoverable.
• Media Destruction - Department of Defense standards approve of this method if compliant with specific guidelines.

It should be noted that sanitization methods for spindle hard drives do not apply to SSD’s.

Using ATA Secure Erase for Solid State Hard Drives 

This is a common method of sanitization for non-encrypted SSD's. It is designed to put the drive in a raw state by overwriting each bit of data as a zero. The command set exists within the SSD firmware, and management of the process is conducted by software that operates within a bootable environment on a USB key.

Dell do not recommend any software capable of utilising this process but you can find some useful information on the subject at https://en.wikipedia.org/wiki/Data_erasure 

Using Cryptographic Erasure on a Self-Encrypting Drive

On a self-encrypting hard drive (SED), the encryption key is stored within a small storage area on the drive, and the SED internal hardware passively encrypts and decrypts the incoming and outgoing data respectively. Access to the drive occurs through either software pre-boot authentication or a BIOS password.

Encryption management software allows a system administrator to delete and regenerate the encryption key residing in the SED, which leaves the previously written data indecipherable and therefore securely unrecoverable. As with ATA Secure Erase, the drive is left in a raw state, and a new key is generated within the drive.

Using a Furnace or Shredder to Destroy the Drive

Products are available that destroy SSD media through smelting or shredding. This is the only method of SSD sanitization approved by the United States Department of Defense and the National Security Agency. The DOD/NSA standard for smelting SSD’s requires a licensed furnace rated at 1,600 degrees Celsius. The DOD/NSA standard for shredding SSD media requires that fragments be reduced to less than 2 millimeters in edge length using an NSA/CSS evaluated shredder.

More information regarding DOD/NSA compliant sanitization for SSD’s can be found on the NSA site: Media Destruction Guidance .