Add noatime option in /etc/fstab.
SSDs maintain a layer of indirection between the logical addresses used by computer systems to access data and the internal addresses that identify physical storage. This layer of indirection hides idiosyncratic media interfaces and enhances SSD performance, reliability, and lifespan. But it can also produce copies of the data that are invisible to the user and that a sophisticated attacker could recover.
For sanitizing entire disks, sanitize commands built into the SSD hardware have been found to be effective, but manufacturers sometimes implement them incorrectly.
On Linux, you can use hdparm to send an ATA command, e.g. 'Security Erase Unit'.
Overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive.
In testing, none of the software techniques were effective for sanitizing individual files. These included well-known algorithms such as the Gutmann method, US DoD 5220.22-M, RCMP TSSIT OPS-II, Schneier 7 Pass, and Mac OS X Secure Erase Trash.
- Michael Wei, Laura M. Grupp, Frederick E. Spada, Steven Swanson (February 2011). "Reliably Erasing Data From Flash-Based Solid State Drives"
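Before sending 'Security Erase Unit' with hdparm as mentioned above, it helps to read the drive's ATA security state from the "Security:" section of `hdparm -I`, since a drive reported as frozen or locked will not accept the command. The following is an added example, not part of the original page; the function names and the sample identify text are constructed for illustration, and /dev/sdX is a placeholder.

```shell
#!/bin/sh
# Added example: classify the "Security:" section of `hdparm -I` output.
# erase_readiness and the sample text below are constructed for illustration.

erase_readiness() {
    awk '
        /^Security:/       { sec = 1; next }    # section header
        sec && /^[^ \t]/   { sec = 0 }          # next unindented header ends it
        sec {
            neg = ($1 == "not"); key = neg ? $2 : $1
            if (key == "supported")  supported = !neg   # ATA Security feature set
            if (key == "supported:") enhanced  = !neg   # "supported: enhanced erase"
            if (key == "locked")     locked    = !neg
            if (key == "frozen")     frozen    = !neg
        }
        END {
            if (!supported)  print "unsupported"
            else if (frozen) print "frozen"      # drive rejects security commands
            else if (locked) print "locked"
            else             print (enhanced ? "ready-enhanced" : "ready")
        }'
}

# Constructed sample: $1 is the frozen-state line in the layout hdparm uses.
sample_identify() {
    cat <<EOF
Commands/features:
        Enabled Supported:
           *    SMART feature set
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
$1
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
EOF
}

sample_identify "        not     frozen" | erase_readiness   # ready-enhanced
sample_identify "                frozen" | erase_readiness   # frozen
# Live use (placeholder device): hdparm -I /dev/sdX | erase_readiness
```

A "ready" result only means the drive advertises the command and will accept it; as noted above, the firmware's implementation may still be incorrect.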