Question How to safely and securely erase an external SSD drive.

Status
Not open for further replies.

HowieGinDC

Honorable
Mar 23, 2016
9
0
10,510
I would like to securely erase my 1TB "Sandisk Extreme Pro Portable SSD." I understand that data-overwriting programs like Eraser and DBAN are inappropriate for SSD drives. The proprietary program to manage my device is Western Digital Dashboard, and it does have an erase utility, but for my device it states. "No erase is available, please use your system BIOS to erase the device." This message persists even after I put my computer to sleep and reawaken it to clear the "frozen" security status of the device. As for the system BIOS, I have an ASUS Z-390E motherboard that has a built-in erase function, but only for the Samsung 970 EVO NVMe SSD containing the operating system (Win 10) that is installed on the motherboard. The Sandisk external drive does not show up in the BIOS.

Is there a way to securely erase the contents of this drive without damaging it? Thanks.







SSD 970 EVO NVMe
 

HowieGinDC

Honorable
Mar 23, 2016
9
0
10,510
Thanks for that video, but sheesh, I am not that desperate to give it away.

Is it possible that the files cannot (absent brain surgery on the device) be securely deleted? If so, I will never be able to throw it away!

You could try removing the drive from external enclosure and installing directly into M.2 slot in your pc.
Unfortunately is is glued to M2 to USB adapter. Removal is rather tricky.

View: https://www.youtube.com/watch?v=8svMczNQgSA
 

USAFRet

Titan
Moderator
Thanks for that video, but sheesh, I am not that desperate to give it away.

Is it possible that the files cannot (absent brain surgery on the device) be securely deleted? If so, I will never be able to throw it away!
One solution....full disk encryption.
VeraCrypt.

Whatever is on it would be 'encrypted'. Without the password, absolutely NO access.
The new user will have to reformat it completely.
 

JWNoctis

Respectable
Jun 9, 2021
443
108
2,090
It's all dependent on your threat profile.

Full-disk encryption is not useful in this case, if it was not used from the start.

For drives without cryptographic erase, a simple guard against common data recovery would be several full rewrites, though that's not actually a guarantee to my understanding with all the wear leveling and overprovisioning going on. EDIT: And that's before you open the can of worms in the form of compromised firmware, though for most users that would be pretty off the deep end into tinfoil hat territory.

The real current standard for high-value data is physical destruction. Few could read stuff off broken pieces of flash chip, and no one would get anything back if you throw it into a volcano...That was a joke, but you see my point;)
 
Last edited:

HowieGinDC

Honorable
Mar 23, 2016
9
0
10,510
That's my understanding as well that full-disk encryption has to be enabled before any data is written to the disk. So basically it's the equivalent of an old-fashioned paper dossier: just don't lose it and shred or burn it when you're done with it.
 

USAFRet

Titan
Moderator
Delete any data on it.
Create a VeraCrypt volume with whatever the largest size is possible.

This reformats the drive, and encrypts that space.
Overwriting whatever fragments may have been left behind, and they would be in that encrypted vol.
 

JWNoctis

Respectable
Jun 9, 2021
443
108
2,090
Delete any data on it.
Create a VeraCrypt volume with whatever the largest size is possible.

This reformats the drive, and encrypts that space.
Overwriting whatever fragments may have been left behind, and they would be in that encrypted vol.
I don't think that would do anything more than zero-filling or regular low-level reformatting the drive, as far as overprovisioning and wear-leveling went.

But if OP does not expect anything like a costly and probably-targeted attack involving drive disassembly and raw flash dump and/or some compromised firmware, either would be more than enough.
 

USAFRet

Titan
Moderator
I don't think that would do anything more than zero-filling or regular low-level reformatting the drive, as far as overprovisioning and wear-leveling went.

But if OP does not expect anything like a costly and probably-targeted attack involving drive disassembly and raw flash dump and/or some compromised firmware, either would be more than enough.
Yeah, either would probably work.
 
Nov 30, 2021
1
0
10
I was in a similar predicament as OP, except for the hardware manufacturer. My decision was to perform a simple low-level format on the SSD (a few times, perhaps) and proceed. Sure, this will shorten the life of a SSD, but not by much unless you make it a habitual practice. Of course, all the shortcomings remain with regard to over-provisioning, wear-leveling, etc., but this should be of little concern for the tyro. Be sure only to pass it forward to someone you trust and has no interest in harvesting your old data. Before long, all the blocks will have seen multiple write and erase sequences, garbage collection and TRIM commands that conventional means of data recovery will be rendered useless. Your options here are not limited. Software (Active@ KillDisk comes to mind) that support SATA Secure Erase will completely destroy all data without degrading the SSD's performance, restoring the SSD to its original out-of-box state. Here's the rub; this method presents HUGE unforeseen consequences (we're talking fatal damage to media) resulting from instances like power interruption, unauthorized SSD extraction, cat gnawing through cable, etc.
 
Status
Not open for further replies.