Closed ghost closed 2 years ago
dngray
commented
2 years ago Erasing specific files has nothing to do with magnetic or flash storage. The issue with trying to overwrite sectors/nand memory of specific regions is that you cannot be certain the data hasn't been copied somewhere else first ie, swap.
The TLDR of that page is we do not recommend it period, if files are sensitive the disk should be fully encrypted.
ghost
commented
2 years ago Well, you're wrong and what is below is backed up by studies and academic references
dngray
commented
2 years ago Erasure tools like this should never be trusted, what if the storage device fails in warranty and you want to return it? I just don't see the point when FDE comes these days at really no significant cost.
ghost
commented
2 years ago Those erasure tools for SSDs are provided by the manufacturers.
The others are just classic Linux tools like shred
ghost
commented
2 years ago I'm just saying, if your FDE is compromised, and you didn't Trim your SSD, then files are recoverable
ghost
commented
2 years ago As on an HDD it would be the same if you didn't use a tool like shred
dngray
commented
2 years ago backed up by studies and academic references
That guide is not a reliable source of information. It waffles on without really getting to the point and then goes in all sorts of directions that require significant work from the user. This is why we don't recommend anyone bother with it.
Those erasure tools for SSDs are provided by the manufacturers.
Not single file tools, from what I've seen, and then even if they were would you really trust them? SSDs support Secure ATA Erase and that applies to a whole disk environment.
Linux tools like shred
Still doesn't get over the fact that data might be swapped to disk and therefore unencrypted or what not. There are many things that could go wrong. Data may be in a place that is occupied.
if your FDE is compromised, and you didn't Trim your SDD, then files are recoverable
That's highly unlikely, and now i think you're just trolling or ignorant. TRIM is not an anti-forensic mechanism. The only paper mentioned there was this one and it will only apply where such narrow circumstances are true.
If the device is ever lost, stolen or returned for warranty you'd be unable to issue TRIM, deletion commands all your data will be available. The is there is no substitute to encryption that's why it is on by default, with modern phones, tablets, etc.
TommyTran732
commented
2 years ago Don't forget CoW filesystems ;) Trim is really not going to save you there
dngray
commented
2 years ago Don't forget CoW filesystems ;)
Which NTFS is not, that specific study was a Windows machine with NTFS.
Every time I see TGHOA mentioned I cringe, because it's the most god awful document to read, and that's just because it's so poorly presented and often includes terrible advice.
TRIM has nothing to do with forensics, and the fact that that guide introduces it as if it could or does, shows the quality of it. TRIM does not clear NAND cells, it simply marks them as unused.
Description
First issue
The "Erasing Specific Files" section does not mention that traditional secure erase is totally possible on HDD (Magnetic)
Second issue
The "Erasing Specific Files" section does not mention that for some extra paranoia, you can at least issue a Trim operation after deletion of files on an SSD/NVMe. Studies have shown that it's close to impossible to recover after a Trim.
https://www.privacyguides.org/advanced/erasing-data/#erasing-specific-files