[LINK] Self-erasing flash drives destroy court evidence

Thu Mar 3 13:04:24 AEDT 2011

On Wed, Mar 2, 2011 at 8:55 PM, Bernard Robertson-Dunn
<brd at iimetro.com.au> wrote:
> Self-erasing flash drives destroy court evidence
> 'Golden age' of forensics coming to close
> By Dan Goodin in San Francisco
> Posted in ID, 1st March 2011
> The Register
> http://www.theregister.co.uk/2011/03/01/self_destructing_flash_drives/

Thanks for the Link.. I' ll see what the Rogister has to say. It's
funny that this piece sees the light just days after I read this other
one, claiming data on SSDs is almost impossible to erase ;)

Study: SSDs Are Resistant to Current Data Erasing Techniques
Jason Mick (Blog) - February 22, 2011 10:15 AM
http://www.dailytech.com/Study+SSDs+Are+Resistant+to+Current+Data+Erasing+Techniques/article20965.htm

My gut feeling is that this is a tempest in a teapot.

Regardless of which of these reports you prefer the problem is
obvious: SSDs have its own internal magician that writes data at the
time it wishes and on the sectors it wishes, based on its own internal
algorithms.

Basically, SSDs have firmware with its own optimization routines that
in order to maximize flash life and minimize access times, lies to the
OS. It says it's written something somewhere, but in order to save
expensive (slow) flash writes, it doesn't always end up writing that
data in the next flash memory sector. In fact, for what I' ve read it
can shuffle around areas with frequent writes to maximize the overall
life of the whole drive.

Those kind of "optimization algorithms" do not exist on a spinning
hard drive, which only understands of Cylinders, heads, and sectors.
Yes, there might be some virtualization and on-the-fly-translation
going on (faking heads and sectors to comply with BIOS limits) but
data writes are respected and data is not "moved around" by the
drive's firwmare as happens with SSDs.

I have mixed feelings with SSDs... for one I like the nzero seek
times, and the peace of mind that a crashed head won't ruin an entire
drive's contents.

On the other hand, I wouldn't run any apps that do a lot of saving in
small batches, like torrent downloads to a SSD. The OSs also need to
be optimized for SSDs in order to minimize writes. Really, what's the
point of the OS doing a disk write every time you decide a given icon
in your desktop 20 pixels to the left or right, instead of just saving
the icons' positions on the desktop when you invoke a system
shutdown?.

How will SSDs challenge data forensics? I don' t know, but I' d like
to think the issue is moot. Criminals will use the cloud, emails and
other telecommunication networks at one point or another and that's
where they' ll get caught, just as happens today.

In fact, I wonder how many criminals convicted actually got a chance
to attempt to erase their hard drives before they got handcuffs in
their wrists and a gun pointing at their head... so that forensics had
to be used to recover it.

FC
PS: People can use free Open Source software like "Eraser" to erase
their spinning hard drives today http://eraser.heidi.ie/ which lets
you choose among many government data erasing standards (which
supposedly re-writers the same sector so many times that makes "ghost"
magnetic data from previous generations overwritten as well). Did the
availability of these tools prevent any criminals from being
convicted? I don't think so. The hard drive is just a small part of
the evidence in any criminal case. Just my $0.02