SSD firmware destroys digital evidence

[mkultra]

ssd's are not used for storing data anyway, well not in a near future at least.

screw pedos, so let's mess with 99% of the population personal data because 1% might use this for doing illegal stuff. You can wipe a mechanical hard drive too if you want

[mo' power]

Quote:

Originally Posted by FiXT

From a consumer perspective, imagine if Mr.KiddiePorn gets away because his SSD erases critical evidence of the crime

If Mr.Kiddieporn's pc gets confiscated during a raid, I'm pretty sure his incriminating pics and videos will still be on the ssd if he's using it for storage.

[AkG]

Quote:

Originally Posted by mo' power

If Mr.Kiddieporn's pc gets confiscated during a raid, I'm pretty sure his incriminating pics and videos will still be on the ssd if he's using it for storage.

Yup AND if Mr. innocentButPCn00b's comp gets confiscated they pron he didnt KNOW about (say thumbnails when he searched for something innocent sounding...with BAD results...like say manga images) will be GONE and he wont have his life ruined.

[_dangtx_]

so basically, whether youre a crook, a pedobear approved and certified bugger or just your run of the mill noob, its all good?

[frontier204]

...so require an ITGC disable jumper that the investigators can use the second they get their hands on the drive.
I know there's the issue of what happens before the drive is confiscated, but then again there's that risk with anything. I think just about any drive is fast enough these days that you can wipe a significant amount of data in a couple hours, provided that you aren't dealing with terabytes of the stuff, in which case it would be strange if they DON'T get you before you've stockpiled that much.

[ZZLEE]

Create something idiot proof and they will make a better idiot.
_____________________________________

LOL

Where is my decaf stick

[Chilly]

What frontier said, create a SSD standard where if two contact points are shorted(be it a jumper, or otherwise) that all garbage collect+trim features will be disabled for the time being.

Boom, simple solution, no special overreaching big brother DRM solutions required, just a simple jumper that disables GC+TRIM features in situations where it might be useful such as data recovery.

I agree with Fixt, its actually an issue because data recovery is important to enterprises, forget about the police, goverment, etc, its an important tool for businses.

[thenewguy001]

Quote:

Originally Posted by MacJunky

Thenewguy, that is what frequent backups are for. ;)

it never seems to be frequent enough. If you accidentally delete 4 hours worth of work, it's much better to be able to recover the data in 4 minutes as opposed to spending another 4 hours redoing it.

[Squeetard]

Quote:

The drive's firmware is responsible for remapping blocks, and so the OS can't really control what happens whenever the OS tries to permanently delete things by asking the drive nicely to do so. Consequently, if the drive decides it's best to remap the logical block silently while not deleting the cell contents, then the OS doesn't realise the data is still there. That's what the other SSD study noted.

On the other hand, in this situation, the thing doing the purging is the drive's firmware itself, not the OS, and the firmware knows for sure where the data is in the cells, and furthermore it's on a mission - to purge cells that it knows the filesystem is no longer using for data.

The purging that is being done here, is taking place with the specific intention of getting cells freshened up and ready to be written to in future without delay. Consequently we can reasonably expect that the drive firmware really *wants* to nuke cells that contain real data that is no longer needed according to the filesystem metadata since that's the only way to boost performance, and that's the GC's job.

If you want to check for yourself, try carrying out reads at the sector level yourself after running the experiment with the experimental setup described in the paper. You won't get much.

Quote:

Ibas recommendation is that SSD disks containing classified information should yet not be discarded at this point in time. SSDs should rather be stored securely. Within 6 - 12 months the erasure industry is expected to release products that enables secure deletion of all information on SSDs.

We have 2 sides to this issue.

1. SSD's firmware is clearing cell content, this makes it almost impossible for a user to recover accidentally deleted information.
2. SSD's leave miniscule traces of previous read write operations on a cell. Forensics experts say that this is harder to conceal than magnetic media.