Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Data Recovery & Solid State

CmdrTaco posted more than 6 years ago | from the oops-sorry-you're-screwed dept.

Data Storage 249

theoverlay writes "With all of the recent hype about solid-state drives in both consumer applications and enterprise environments I have a real concern about data recovery on these devices. I know there are services for flash memory restoration but has anyone been involved in data restoration projects on ssd drives? What are the limits and circumstances that have surfaced so far? What tools will law enforcement and government use to retrieve data for investigations and the like?"

Sorry! There are no comments related to the filter you selected.

SSDs have one infallible data recovery option (-1, Offtopic)

Amiga Lover (708890) | more than 6 years ago | (#22209680)

Which is the same infallible data recovery option for any media. Multiple, cascading, incremental and offsite backups.

Trusting data to just one piece of media is being broken in the head.

Re:SSDs have one infallible data recovery option (5, Informative)

jeffmeden (135043) | more than 6 years ago | (#22209756)

-1, didn't read the question. He is NOT asking about how reliable the drives are, since he acknowledges that ANY media can fail. Instead, he asks about recovery options when there are no other alternatives, such as extreme disasters or criminal cases where data was intentionally lost. This is a good question, I look forward to constructive answers and the discussion that follows. Yours, however, is a dead end.

Re:SSDs have one infallible data recovery option (1, Interesting)

Z00L00K (682162) | more than 6 years ago | (#22210010)

Most filesystems only does a removal of the reference to a file when a file is deleted. A few may offer the added feature of overwriting when deleting a file. If I remember right OpenVMS actually has an option to the DELETE command that allows this.

The second question here is if it is possible to recover data that has been overwritten on a solid state device. It is possible on magnetic disks, but a solid state device is encapsulated in a much more rigorous manner which means that it will be a lot harder. However, it may still be possible using the right equipment.

And don't forget: Never store your important data under the directory /tmp or /var/tmp on any *NIX machine. It will be erased! I know that this has happened, since I was working for a company where a consultant did EXACTLY this. That consultant stored all his sources there! And the system erased all files older than 14 days, and since it was /tmp there was no backup. That person had to do it the HARD way because there was no way that there was any possibility to recover that data. I have no idea what became of that consultant after that was cleaned up, but I sure hope that he at least didn't make that mistake again!

One of the classical Murphy's law [murphys-laws.com] moments...

Re:SSDs have one infallible data recovery option (4, Funny)

sm62704 (957197) | more than 6 years ago | (#22210630)

...criminal cases where data was intentionally lost

You can completely and unretrievable wipe data from both paper and disk drives. With paper, shredding is no good but a single match or Bic will do the trick. Cheaper than a shredder, too. With a disk drive, just disassemble it and sand off all the oxide. Or alternatively, if you have a smelter or other really really hot mass of molten metal, you can just drop the thing in there. The smelter option works for CDs and tape as well.

Or you can bury it in the bridge abutment your construction company is building with tax dollars, right next to Jimmy Hoffa.

Oh oh, am I on my way to Gitmo now?

-mcgrew

(still no journal although the last one was updated Friday. Mod me down for this?)

fire insufficient in and of itself... (2, Interesting)

Firethorn (177587) | more than 6 years ago | (#22210986)

Having operated a makeshift incinerator a few times, I have to point out that fire can be insufficient in and of itself.

I've actually held bits of ash with legible writing still on it. I was burning old checks for my parents.

I wouldn't count it destroyed until the ashes are stirred well.

Re:SSDs have one infallible data recovery option (1)

TubeSteak (669689) | more than 6 years ago | (#22209864)

When someone asks a question like: "What tools will law enforcement and government use to retrieve data for investigations and the like?"

The issue isn't just 'how do I recover data' it's also 'how do I erase it permanently'

In my experience, you can recover anything that hasn't been overwritten on a flash drive with most recovery programs.

Keep in mind, that even if you've "erased" your files, not all wipe/erase programs will delete the file & folder names from your drive. Programs like DirSnoop can recover the names, if not the files.

well that makes it easy (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22209992)

Just put your drug deals, k1dd13 pr0n, and terrorist plans in a file called attorneyconfidential.doc. That way when you erase them you can claim attorney-client privilege with a straight face.

Re:SSDs have one infallible data recovery option (5, Informative)

JesseL (107722) | more than 6 years ago | (#22210126)

One confounding aspect of trying to permanently erase things from solid state drives is the fact that most flash drives incorporate wear-leveling. You may not be able to over write specific physical sectors without just overwriting the whole drive several times.

Re:SSDs have one infallible data recovery option (1)

Zerth (26112) | more than 6 years ago | (#22210822)

Yup, it can be extra hard to wipe a flash drive without knowledge of its particular wear-leveling algorithm. In these cases, Fe2O3+2Al is your friend.

SSDs have one infallible data erasure option (4, Insightful)

Amiga Lover (708890) | more than 6 years ago | (#22210166)

Which is the same infallible data erasure option for any media. Incineration.

Trusting data loss to just one delete command is being broken in the head.

MOD PARENT UP (not a troll) (0, Offtopic)

mkcmkc (197982) | more than 6 years ago | (#22210394)

Parent is not a troll--his answer is the answer to this question.

If you're wanting to know about recovery for security purposes, as in, "how do I destroy this thing so that no one can recover data from it?", that's an interesting and useful question. If you're just wanting to know out of general curiosity, it's also an interesting question.

But if you're thinking about what might be possible as part of disaster recovery, you've completely lost the plot. This thought seems to spring from the same well as the idea that "mirroring" can be used for backups. No, no, a thousand times no.

Re:MOD PARENT UP (not a troll) (1, Informative)

Anonymous Coward | more than 6 years ago | (#22210760)

You and the troll above completely missed the point. Did you even read the post?

The submitter wants to know what tools are available to recover data from a SSD, not how to protect data. What tools do or will law enforcement use to recover data from an SSD? Does a criminal simply need to switch to using SSD and simply erase the data, then write over the disk once more and everything is completely gone forever, no chance of recovery?

Such tools as... (5, Funny)

Anonymous Coward | more than 6 years ago | (#22209684)

What tools will law enforcement and government use to retrieve data for investigations and the like?"

Waterboarding, tasers, sleep deprivation, bright lights and loud obnoxious music.

Re:Such tools as... (5, Funny)

Anonymous Coward | more than 6 years ago | (#22210416)

I like loud obnoxious music you insensitive clod!

Re:Such tools as... (5, Funny)

urcreepyneighbor (1171755) | more than 6 years ago | (#22210510)

Waterboarding, tasers, sleep deprivation, bright lights and loud obnoxious music.
Sounds like my last date. :(

Re:Such tools as... (4, Funny)

ari_j (90255) | more than 6 years ago | (#22210540)

No wonder she never called back.

Re:Such tools as... (4, Funny)

Nodamnnicknamesavial (1095665) | more than 6 years ago | (#22210624)

Wow, Kenny G will have a busy schedule for the next few years.

Re:Such tools as... (1)

TheGratefulNet (143330) | more than 6 years ago | (#22210988)

suppose 'bad guys' are at your door, trying to 'steal' your computer records.

can you erase your disk? not really, not fast enough.

you can grind cd/dvd roms - they make paper shredders that take opto discs.

much better though: a hammer smashing a usb key drive! no amount of 'forensics' can recover broken silicon chips.

there you go - anti-spook protection should you need it. afterall, its a dangerous world out there. many 'people' mean you harm.

Honk! Honk! (3, Funny)

tripwirecc (1045528) | more than 6 years ago | (#22209702)

I'd figure the same as with regular harddisks apply. One pass and gone the data is.

Re:Honk! Honk! (4, Informative)

Vicarius (1093097) | more than 6 years ago | (#22209764)

Actually with regular/magnetic drives data is not gone forever with one pass. You can still use specialized readers that will detect change in magnetic field and be able to tell whether the analyzed bit was 0 or 1 before it was overwritten.

Re:Honk! Honk! (5, Informative)

tripwirecc (1045528) | more than 6 years ago | (#22209886)

That may have worked with old drives, forensics experts tell me these MFM/RLL things, but with modern drives and the used recording tech, it's practically impossible. But hey, keep pandering to these myths.

Re:Honk! Honk! (5, Funny)

Hal_Porter (817932) | more than 6 years ago | (#22210156)

How do we know you're not an NSA mole, paid to persuade us that one pass is enough? Or maybe your experts are an NSA moles and they've tricked you.

Re:Honk! Honk! (2, Interesting)

afidel (530433) | more than 6 years ago | (#22210206)

You are wrong [usenix.org] , in fact the small feature size of modern HDD's actually makes it easier in some cases as the smaller magnetic domains are harder to flip so even small changes in alignment will mean that recoverable data will be left behind.

Re:Honk! Honk! (4, Insightful)

Anonymous Coward | more than 6 years ago | (#22210516)

You're citing a 1996 paper when discussing modern HDDs?

Re:Honk! Honk! (2, Insightful)

afidel (530433) | more than 6 years ago | (#22210706)

Why not, GMR technology was already on its way out of the lab by 1996, the only HDD tech more advanced than that is vertical recording which is still new and only used in a handful of drives.

Re:Honk! Honk! (1)

misleb (129952) | more than 6 years ago | (#22210756)

The only difference between theory and practice is that, in theory, there is no difference. Congrats for referencing the same old paper that everyone else references on this subject. Now try finding reports of people who've actually recovered a meaningful amount of data from a drive that has been overwritten with random data.

Re:Honk! Honk! (3, Interesting)

Firethorn (177587) | more than 6 years ago | (#22210816)

I figure the requirements for a 21 pass overwrite scheme is still a requirement for sanitizing government drives for a reason.

Is it overkill? Certainly. But apparently 3 passes isn't considered enough.

Now, a simple overwrite is considered sufficient for flash, so we do have some standards.

Re:Honk! Honk! (5, Informative)

Jah-Wren Ryel (80510) | more than 6 years ago | (#22210800)

You are wrong, in fact the small feature size of modern HDD's actually makes it easier in some cases as the smaller magnetic domains are harder to flip so even small changes in alignment will mean that recoverable data will be left behind.
You are wrong. [auckland.ac.nz] You should have cited the author's follow-up to the original paper, like I just did.

Here's the relevant part of new epilogue:

Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more.
In fact, the same man has written paper that somewhat addresses the original question regarding forensic recovery of erased data in sold-state memory for usenix 2001. [cypherpunks.to]

Re:Honk! Honk! (2)

gardyloo (512791) | more than 6 years ago | (#22210804)

Given the _same_ coercivity of a magnetic domain, given temperature, and a given external field, I would think smaller domains should be _easier_ to flip, on average, than large domains. The nearest- and next-nearest-neighbor influences would be much larger for small domains than large ones. After all, given the scaling laws of diffusion-driven "averaging" processes, fluctuations spaced closer together always converge to an average much faster than those spaced further apart.

      I _guess_ that the linked article is talking about the possibility of recovering data from the "edges" of data tracks, based on some remnant domain orientations due to the small widths of the write/erase heads. I can see how smaller domains might help retain data in that case.

Re:Honk! Honk! (1)

richlv (778496) | more than 6 years ago | (#22210912)

hmm. are we talking here about cat /dev/zero > /dev/sda or cat /dev/random (or urandom) ?
because while i can clearly see that being possible with zeroes, overwriting with random source doesn't look such a likely candidate for recovery.
now, if i had some information i would like to be really gone, i'd probably use /dev/zero and [u]random at least a couple times each. anybody (except the known cia moles :) ) with insight how possible could _that_ be for recovery ?

not impossible (1)

tempest69 (572798) | more than 6 years ago | (#22210210)

The chinese used some very impressive tech to read the hard drives from a US surveillance plane, where the data was overwritten, and then melted with thermite. Magnetic domains aren't that easy to erase, it like erasing a whiteboard with a slotted eraser, there will still be traces of the magnetic domains even after two rewrites. And the extra data that drives store for CRC info helps a bunch in getting the data right.

Re:not impossible (3, Interesting)

smooth wombat (796938) | more than 6 years ago | (#22210836)

where the data was overwritten, and then melted with thermite.


WHAT?!!!! I'm hoping I'm parsing your sentence incorrectly because any hard drive subjected to thermite becomes nothing but a puddle of molten then solidified metal.

What I'm hoping you meant to say was that even though the hard drives in our surveillance plane had been subjected to thermite, parts of the drives remained intact enough so the data on the unmelted parts could be retrieved despite the data also having been overwritten.

Allow/Deny?

Re:Honk! Honk! (1)

angus_rg (1063280) | more than 6 years ago | (#22210950)

I'm not a forensic expert, and don't even play one on TV, practically impossible isn't how I would describe the likely hood of retrieving data.

When write heads write, the are kind of like an analog device, they don't stop on the drop of a dime, so when writing to a sector, it may be a hair off and you can make out what was there before. With the help of checksums, you can sometimes fill in the blanks if one of the bits is unreadable. The biggest problem you have is finding a write that was before the deleted file.

There's a reason the DoD had/has a policy of writing 5 passes to a disk. Something like 1 pass Zeroing, another Oning, and the rest random. As I said before, I'm no expert, so I don't know how likely they'll find it, but, the more you write and defrag, the less likely.

Re:Honk! Honk! (5, Informative)

Jagen (30952) | more than 6 years ago | (#22209920)

That is a myth based on a theoretical paper. The principle is good, but you would need to know the starting voltage of each bit and exactly how many times that bit had been written to. Overwrite your files once, and they're gone, for good.

Re:Honk! Honk! (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22210450)

As someone who makes a living doing forensic recovery from drives that have been wiped please keep propagating the one overwrite myth...

Re:Honk! Honk! (1)

misleb (129952) | more than 6 years ago | (#22210628)

Actually with regular/magnetic drives data is not gone forever with one pass. You can still use specialized readers that will detect change in magnetic field and be able to tell whether the analyzed bit was 0 or 1 before it was overwritten.


Yes, that is the common myth. And some say it is theoretically possibly. But nobody has ever published anything that I am aware of showing it actually being done. Can you point to reports of anyone actually do it? Anyone sell these "special readers?"

That said, i think it depends on WHAT you overwrite the data with. If you just use all zeros, then ya, you MIGHT be able to see what was there before, but if you write random data, I doubt you'll be recovering much, if anything. Maybe you'll get lucky and read some off-track writes, but I dunno.

-matthew

Re:Honk! Honk! (5, Insightful)

farkus888 (1103903) | more than 6 years ago | (#22209794)

I know that is not enough to securely wipe a traditional hd. the current standard is 7 passes of random 1s and 0s. even worse than that, I have had people who formerly worked nsa tell my that really sensitive data is only considered gone when they have dismantled the drive and melted the platters in acid.

Re:Honk! Honk! (2, Interesting)

Aardpig (622459) | more than 6 years ago | (#22209912)

I seem to recall hearing that US spy planes have a special 'eraser' built into onboard HDDs, that behave like arc welders. Turn it on, and within less than a second the platters are completely slagged.

Re:Honk! Honk! (1)

farkus888 (1103903) | more than 6 years ago | (#22210050)

built into the device? now that is cool! personally I've always wanted to watch one of the thermite grenade emergency data "deletions"

Re:Honk! Honk! (0, Offtopic)

phillips321 (955784) | more than 6 years ago | (#22210072)

I wish the US would spend more time inventing special 'erasers' that behave like god sends. Turn it on, and within less than a second the mother-in-law completely disappears.

Re:Honk! Honk! (4, Funny)

uncqual (836337) | more than 6 years ago | (#22210552)

I believe the requested feature is best implemented in the file system layer rather than the physical media layer (SSD vs. HD).

There is a good proof-of-concept available (but it currently works only for wives) that could probably be easily enhanced to implement the mother-in-law eraser function (actually, perhaps it's already there, I've not used Reiser4 much).

Re:Honk! Honk! (4, Informative)

FesterDaFelcher (651853) | more than 6 years ago | (#22210472)

Not in less than a second, but all of the hard drives we used on the AWACS plane had toggle switches that would begin writing random 1s and 0s to the drive for as long as there was power applied. One complete rewrite took appox 15 seconds, and the T.O. specified flipping the switch at least 2 minutes before a catastrophic event (read: plane crash). We also had another tool for physical destruction of our equipment, commonly called an "axe". :)

Re:Honk! Honk! (5, Interesting)

segfaultcoredump (226031) | more than 6 years ago | (#22210046)

While it is true that the data can be recovered after multiple passes, what most folks forget to mention is the level of effort required to recover such data.

Think hanging chads, but on a much larger scale.

You get to pull the disks, and start walking them with an electron microsocope looking for the 'residual' images. Then you get to make a guess as to the 'bit' being a 1 or a 0. Then you get to start assembling a filesystem on top of all of that.

Yes, it is possible, but it would take a very, very long time.

Generally speaking, overwriting the data _once_ is enough to tormet your local law enforcement agency. The level of effort required is just too much for them to deal with the issue given the other things that they need to do. (rumor has it that in the old days they could just modify the firmware to shift the drive heads over a touch, but that trick does not appear to work as much with newer drives since there is not much space between tracks anymore)

The reason that the Military/NSA/FBI/CIA want to actually destroy the disks is because even though it is _difficult_, it is still _possible_ to recover the data.

Please note that for this to work, you must overwrite the actual sectors on the disk (aka "wipe"), not just blow away the metadata (aka "delete")

Re:Honk! Honk! (2, Interesting)

nasor (690345) | more than 6 years ago | (#22211008)

And perhaps more importantly, there are currently no established forensic procedures for recovering data that has been overwritten. Police can't just use any random forensic procedure that they feel like - only certain established procedures can be used, and at present no such procedure exits. Which means that even if it were physically possible for the police to do it, the resulting evidence would almost surely be inadmissable in court. The NSA might take an electron microscope to your hard drive if they think you have the plans for China's new invisible tank on it or something, but in general the police won't be able to do a thing.

Re:Honk! Honk! (3, Informative)

SharpFang (651121) | more than 6 years ago | (#22210108)

The recovery services can recover data up to 4 passes deep. Thing is the magnetic orientation is not really boolean but float. So the transitions of the values of the plate surface are like (new) = (0.9*trans)+(0.1*old), so:

0->0 = 0
1->1 = 1
1->0 = 0.1
0->1 = 0.9
0.9->1 = 0.99
0.9->0 = 0.09
0.09->1 = 0.909

so you can guess the sequence of transitions from the value.

I know battery-backed RAM can't be recovered that way - it's like it was constantly writing to itself, you'll have a thousand write cycles in matter of miliseconds. I don't know how data is stored in flash though.

Makes you wonder if you could quadruple the capacity of the harddrives that way too.

References please... (1)

Joce640k (829181) | more than 6 years ago | (#22210192)

Makes you wonder if you could quadruple the capacity of the harddrives that way too.

I think you just proved to us why your statement is false.

If old data is recoverable, the disk would hold more data.

Re:References please... (0)

SharpFang (651121) | more than 6 years ago | (#22210654)

I don't know how big the equipment to read data that deep is, but my bet is it wouldn't fit between the platters, or even within a 5.25" enclosure, plus costs a good deal more than your typical hard drive head. And reading one bit 4 levels deep may take far longer than picking up the 'outer-most' layer of information. The residual information remains and is readable strictly because the hard-drive head takes so short to write it.

And even assuming you could read the data at current speeds of reading 1-bit data, think of the process of writing the data in orderly manner: changing the data in layer 1 pushes the old data into layer 2, l2 down into l3, l3 into l4, and l4 into oblivion. So if you want to modify l1 data, you first cache the other 3 layers, then write them all back in order, before writing the top-most one.

This would be good for "shadow directory"/"snapshot"/"undo file" type storage, or "write rarely, read often" like applications or long-term storage (though I'm very unsure about how long-lasting is the deeper-level field value change). But most likely cost, reliablity, speed and size are prohibitive factors. It's cheaper to squeeze bits twice as densely.

Re:References please... (0)

Anonymous Coward | more than 6 years ago | (#22210666)

not if reading with such accuracy requires a read/write head and electronics that is more expensive than simply using more platters or drives.

Re:Honk! Honk! (1)

misleb (129952) | more than 6 years ago | (#22210846)

The recovery services can recover data up to 4 passes deep.


Which 'recovery services' are these? Can you reference any authoritative reports of ANYONE recovering a meaningful amount of data even 1 pass deep?

Re:Honk! Honk! (0)

Anonymous Coward | more than 6 years ago | (#22210908)

The recovery services can recover data up to 4 passes deep.
Name one recovery service which has publicly stated that they can perform recovery of data which has been overwritten even just once. You know they would announce that far and wide, because it would save a lot of people's asses to be able to resurrect accidentally overwritten data.

Re:Honk! Honk! (4, Interesting)

alen (225700) | more than 6 years ago | (#22210142)

when i was in US Army Europe the intel guys would take the HD's out of their PC's when it was time to toss them and open them up and scrub the platters with brillo or some other wire brush to destroy the platter. The PC's would then get turned in via usuall channels.

For monitors if you wanted to process classified info it was a whole lot of paperwork because with the old CRT's you can read what is on the screen from like 3 blocks away just by the radiation they put out. ditto with Cat5. if you had a classified laptop you would have a short cat5 to a special encryption device, then cat5 out to the datacenter downstairs which had the same encryption device and then it would run out to the servers. NSA said you could read cat5 traffic from like 3 blocks away as well

Re:Honk! Honk! (1)

iviagnus (854023) | more than 6 years ago | (#22210380)

Just a quick FYI: Acid doesn't melt anything, it dissolves them. Basic Science 101.

Re:Honk! Honk! (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22210404)

The important thing to note is that you just mentioned the current NSA standard which takes into account massive paranoia and stupid theory.

More NSA paranoia, they're not sure if they need to start destroying UTP/STP Ethernet cable because it could store residual images of classified data making the cables themselves permanently classified. I am not even close to joking about this, they're that screwed up and over budgeted that your tax dollars are being pissed away on this kind of "research."

Oh, and then there's the new NSA-backed encryption with a built-in back door. Why bother breaking the encryption when you can just get in the easy way?

It's totally out of hand, so next time someone mentions the NSA and computer security in the same sentence, put your fingers in your ears and start yelling as loud as you can until they're done talking. It will make you feel less dumb about paying your taxes.

Re:Honk! Honk! (5, Insightful)

_KiTA_ (241027) | more than 6 years ago | (#22210002)

I'd figure the same as with regular harddisks apply. One pass and gone the data is.

Except that unlike normal HDDs, SSDs intentionally fragment the data across the drive to avoid writing to a specific section of the drive repeatedly (an attempt to avoid over-writing to the flash). Assuming you don't fill up the ENTIRE DRIVE, your data might very well still be there.

I'd love to ask Ontrack or Drivesavers about it, to be honest.

Re:Honk! Honk! (1)

Teppic_52 (982950) | more than 6 years ago | (#22210906)

But if you delete the file, then for example cat /dev/urandom > /mnt/sdd/largefile on the drive, it will keep 'catting' until the drive is full.
Lather, rinse, repeat...

Er, what's the actual question? (3, Insightful)

broken_chaos (1188549) | more than 6 years ago | (#22209722)

Is it "How can I recover data from a failing/failed solid-state drive?"? Or is it "How easily can someone else find my 'deleted' data on my solid-state drive?"?

I'm not sure of the answer to either question, directly, but I'd suggest multiple backups for the first one, and encryption for the second one (full/near-full disk encryption is quite fast on a multi-core system).

Pointless (4, Interesting)

mlyle (148697) | more than 6 years ago | (#22209728)

It appears that solid state drives are going to have several times the MTBF of conventional media, and thus a failure rate several times lower. Sure, data recovery is much less likely to work when SSDs fail-- as it's more likely to be the actual memory failing than controller chips or ancillary electronics. However, normal disk recovery places can only recover your data from a failing/failed drive perhaps 60-75% of the time. Thus, the actual incidence of unrecoverable data on a SSD is likely to be much lower than with rotating media, and the overall failure rate lower still. This is nothing but a win, as the normal data recovery rackets are made irrelevant in the case of media failure and overall reliability is improved.

Re:Pointless (4, Insightful)

TooMuchToDo (882796) | more than 6 years ago | (#22209968)

I agree with your post, and would like to point out that the original question is moot. Between SSD media, redundant drive systems, and autonomous remote backup platforms, you should care little about the media data recovery rate. Only care that you've put an intelligent data management system into place. Don't have a single point of failure (like the media) and you'll be fine.

Re:Pointless (1)

QuantumRiff (120817) | more than 6 years ago | (#22211000)

However, if your not concerned so much about recovering your data as you are about someone else recovering your data, I would zap the chip with 110V ac current. We used to play with EEPROMS and the like in college, putting too much current to them, it literally melts the logic gates.

Re:Pointless (4, Informative)

TubeSteak (669689) | more than 6 years ago | (#22210128)

It appears that solid state drives are going to have several times the MTBF of conventional media, and thus a failure rate several times lower.
Generally speaking, solid state media don't fail. You lose sectors over time and these get replaced from the resevoir. When the resevoir runs out, the size of the available space shrinks, but AFAIK, data doesn't get corrupted when a sector gets stuck.

AFAIK, the only way you get data corruption in a SSD is from power fluctuations causing a bad write.

SSD Data Recovery (-1, Offtopic)

RNLockwood (224353) | more than 6 years ago | (#22209730)

Not to worry, I have Time Machine backing up to an external drive.

Re:SSD Data Recovery (1)

snowraver1 (1052510) | more than 6 years ago | (#22210236)

Awwe, how cute! Would you like an apple shaped cookie?

Ram and Nand (1)

elsJake (1129889) | more than 6 years ago | (#22209736)

I don't know about NAND chips , but apparently ram isn't all that "volatile" as it should be( http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html [auckland.ac.nz] , part 7). If nand flash is anything like ram the ware leveling algorithms would still ruin any forensics in a system were data changes frequently.

Re:Ram and Nand (0, Troll)

tripwirecc (1045528) | more than 6 years ago | (#22209786)

Oh god, Gutmanns bullshit still circulating?

Re:Ram and Nand (1)

elsJake (1129889) | more than 6 years ago | (#22209800)

arguments please

Re:Ram and Nand (1)

tripwirecc (1045528) | more than 6 years ago | (#22209994)

It's the same Gutmann that wrote the dramariffic Vista DRM paper. This person's not to be taken seriously. He also wrote some data recovery paper a computer forensics friend of mine reads once a while to cheer up his day.

Re:Ram and Nand (1)

elsJake (1129889) | more than 6 years ago | (#22210900)

i'll look into it then, thanks!

What is the Data recovery % for non SSD drives? (1, Insightful)

Bill, Shooter of Bul (629286) | more than 6 years ago | (#22209742)

I realize there are "professional" companies that specialize in data recovery, but in my ( admittedly limited) experience I've only heard of sob stories of people paying $$$ and not getting any data back. On the plus side, Its always taught them to back up their data.

Re:What is the Data recovery % for non SSD drives? (2, Informative)

sBox (512691) | more than 6 years ago | (#22209842)

Not recovering the data you want is always a risk. In my experience I have recovered everything I've needed using a pay-for service. Expensive? Yes, but you (or your client) must weigh benefit.

Backup, backup, backup. Those that don't will pay the price. Literally.

Re:What is the Data recovery % for non SSD drives? (1)

darthflo (1095225) | more than 6 years ago | (#22210514)

A relative of mine paid some $2500 for what probably were a few broken sectors. Years later, the recovered data (and all the stuff accumulated in between) was, without any backups, stored on the disk he got it from the recovery service. Which started failing, too.
Some people never learn.

Google Media.... (1)

DontLickJesus (1141027) | more than 6 years ago | (#22209766)

Perhaps as these types of media become cheap enough we will all be able to run our own media with the GMail-esk mantra "Never delete data again!". But seriously, Data Recovery exists through a flaw(?) in old media types. If I delete something, I want it gone. If I want to get it again, or insure it from loss, I should make backup. This is all well and good until FBI/NSA/DHS decides to install rootkits on every media type we buy... that'll be the day.

Clearly... (0)

spadefoot (908522) | more than 6 years ago | (#22209782)

A dolphin with a SQUID would seem to be the obvious choice.

Worst. Blog Ad. Evar. (0)

Anonymous Coward | more than 6 years ago | (#22209792)

From the first sentence's "there is a significantly less number of qualified technicians" to "However, none of this any consolance to the customer who has just lost critical business material", there is no content in this blog. Worst blog-slashvertisement ever.

Simple (4, Insightful)

Kjella (173770) | more than 6 years ago | (#22209808)

If you want security, encrypt before you store. If you want recoverability, get a real backup. Seriously, this has been this way ever since computers got fast enough to do AES on the fly against disk. Ubuntu supports it in the alternate installer, Debian and probably the rest too. On Windows various closed source software like DriveCrypt++, Bitlocker and whatnot is available. This isn't really all that difficult...

Secure erase (5, Interesting)

trainman (6872) | more than 6 years ago | (#22209876)

Actually my concern would be more the exact opposite, what are the implications for secure erasure of these drives? Before we could just open the drives and smash the platters if you wanted to be really paranoid. Now, do we have to make sure we find all the flash chips and ensure each one of them is destroyed? Are there other implications because of this flash memory for secure erase utilities?

If your hard drive dies and you don't have a backup, I have very little sympathy for you. You should know better. Especially anyone reading slashdot. Let's get back to our NSA fearing roots and talk about how to protect ourselves with the latest in encryption technology. ;-)

Re:Secure erase (1)

dasbush (1143709) | more than 6 years ago | (#22210012)

Before we could just open the drives and smash the platters if you wanted to be really paranoid
Couldn't one just take a hammer/woodchipper to the new SSDs? Sure, you might be able to get some data off the drive. But the same would be true about a hard drive. If someone wanted to (already has?) invent a drive reader for a smashed up Solid State or Disk Platter drive, I'd bet that they could given enough time/money.

Re:Secure erase (1)

Kjella (173770) | more than 6 years ago | (#22210368)

If someone wanted to (already has?) invent a drive reader for a smashed up Solid State or Disk Platter drive, I'd bet that they could given enough time/money.
From what I understand, this is standard (but not cheap) service at IBAS and such, at least for hard disks. Damaged platters and such would be insane to spin up, they could fly apart and some might be already be so damaged they can't be spun around the axis. Instead they'll open the drive in a cleanroom and bring the reading head to the platter rather than the other way around. A wipe is probably more effective, at least I think IBAS will tell you to forget it if you bring them a wiped drive. What the NSA may or may not be able to do, you're at least not going with something that's publicly and well documented possible to recover.

Re:Secure erase (1)

maxume (22995) | more than 6 years ago | (#22210052)

Fire will do a fine job of finding all the flash chips.

Also, do flash chips even have a memory effect?

Fire (1)

davidwr (791652) | more than 6 years ago | (#22210054)

There are ways to destroy solid-state disks that don't require a hammer.

Re:Secure erase (1)

joeytmann (664434) | more than 6 years ago | (#22210112)

In short, yes. What's the difference in cracking open a platter based drive and an ssd based drive? Nothing, you just have to destroy the media. That's what large hammers are for.

Re:Secure erase (1)

Mr_eX9 (800448) | more than 6 years ago | (#22210228)

Well, you could take the principle behind the Etherkiller [fiftythree.org] and apply it to SATA or USB or whatever your SSD's connection is. Sending 120 volts to your flash chips should quite literally toast them, right?

Re:Secure erase (3, Funny)

darthflo (1095225) | more than 6 years ago | (#22210568)

If it doesn't, move to Europe. 230V will kill more.

Re:Secure erase (1)

Firethorn (177587) | more than 6 years ago | (#22210928)

Step 1: Find two sockets that are on different circuits.
Step 2: Verify that the circuits are on seperate phases
Step 3: Rig a cable going from hot 1 to hot 2*
Step 4: Fry circuits using etherkiller type cable@240V

Alternatively, use a dryer socket or something.

*Make sure both circuits aren't GFI, otherwise they'll pop pretty much instantly.

Re:Secure erase (1)

JATMON (995758) | more than 6 years ago | (#22210374)

I was just looking into these the other day. If you want to spend the money, They have SSDs that erase to Military SPECs (http://www.stec-inc.com/technology/total_drive_protection.php [stec-inc.com] ). If you are really paranoid, they even have a destructive purge that will destroy the drive in 2 seconds.

Re:Secure erase (0)

Anonymous Coward | more than 6 years ago | (#22210594)

Before we could just open the drives and smash the platters if you wanted to be really paranoid. Now, do we have to make sure we find all the flash chips and ensure each one of them is destroyed?
I think this method [willitblend.com] of disposal should work equally well for SSDs as it does for traditional HDs.

Use the gForce (5, Funny)

carpe_noctem (457178) | more than 6 years ago | (#22209888)

Ask Slashdot: For when you've got time to write up a whole paragraph, but not a 5-word google search...

Google results, which seem rather informative [google.com]

Re:Use the gForce (4, Informative)

carpe_noctem (457178) | more than 6 years ago | (#22210056)

Looks like I misspoke a bit... looks like the point of this post isn't to ask something that could have been easily googled, it was for this chump to plug his blog. So, let me rephrase:

Ask Slashdot: When a slashvertisement just won't do, since you've only got yourself to sell.

Re:Use the gForce (1)

MyOhMyOhMy (1119923) | more than 6 years ago | (#22210728)

Even if there was some shameless intent in doing "Ask Slashdot", I still believe the category has value to the average Slashdot reader, which I will not proclaim to be myself, since I have no idea what "average Slashdot reader" is like in the first place. The point is, that one could certainly Google for answers, and I frequently do, but sometimes one wonders how many people would agree the search topic is interesting, and would like to get feedback from Slashdot dwellers. This way one does not wonder alone.

Pointless (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#22209938)

Data recover services exist because people are stupid enough to not use redundant arrays and not make reliable backups. If you care about the integrity of your data you should be doing those two things, which will make the capabilities of data recovery services irrelevant. (Oh, and it's a hell of a lot easier to make your data safer by using more redundancy and more backups than by using a technology which is easier to recover.)

Its a good thing (1)

mrroot (543673) | more than 6 years ago | (#22210028)

And why is it considered a desirable effect that someone can forensically recover data that the owner indended to destroy? If SSD really does not allow data to be recovered like this, then in general thats good, IMO. Not just for legal reasons, but for any reason of privacy.

If you are concerned about protecting against data loss there are other more effective ways like implementing RAID and maintaining off-site backups.

Datarecovery of SSD drives. (5, Interesting)

rew (6140) | more than 6 years ago | (#22210286)

I work for www.harddisk-recovery.com .

We will gladly reverse engineer the data-distribution algorithms that the SSD device uses on a case-by-case basis. We have done so in the past for several different USB sticks. We will desolder and read the individual data-holding chips and then reverse engineer their scrambling algorithms. We will then recover your data from whatever chips still work sufficiently to provide us with some data.

The first time this will take us a few days extra. Expect about a week turnaround time the first time anyone sends us a failed SSD disk.....

Re:Datarecovery of SSD drives. (1)

Reziac (43301) | more than 6 years ago | (#22210668)

Very interesting, thanks. So all is not lost. :)

What does this cost, compared to recovery from conventional hard drives??

Destroying sensitive data (3, Insightful)

Venik (915777) | more than 6 years ago | (#22210314)

If you have any data that you may need to destroy quickly and permanently, I would suggest using DVDs. Sure, it's slow and a hassle but, when you need to get rid of a large volume of information in a hurry, you just take your DVDs and put them in a microwave for a few seconds.

The damage microwave radiation causes to the data on the DVD extends beyond visible damage to the metal layer. That is to say that, even though it may seem like there are undamaged areas left on the DVD's surface, they are still unreadable. And it only takes 2-3 seconds to completely destroy a whole stack of DVDs, if they are arranged in a microwave with some space between them. Rewriting a hard drive with multiple passes may take hours and still leaves a possibility that some data may be recovered.

It seems to me that with SSD data recovery should work better than with conventional hard drives. You may need to overwrite the entire disk multiple times, as opposed to overwriting just the selected data, as you would with a conventional hard drive.

Re:Destroying sensitive data (1)

Happy Lemming (918671) | more than 6 years ago | (#22210730)

Personally, I favor gerbils - they are great for shredding moderate amounts of printed data. They don't do much for the working copy on the hard drive, though.

Re:Destroying sensitive data (2, Funny)

DarkSarin (651985) | more than 6 years ago | (#22210790)

Yes, but what does a microwave do to a HDD? Of course, the HDD does have the reverse damage feedback spell enabled, so it will probably kill the microwave too, but if you were in a hurry to kill sensitive data, that's a risk I'd take...

Telling the gov't why your HDD was in the microwave might be a little trickier...

Re:Destroying sensitive data (1)

JeepFanatic (993244) | more than 6 years ago | (#22210812)

Wouldn't you still have a problem that the data would have been at some point on your hard drive as well before it was transferred to DVD? Even if just as a cache of some kind?

Differential Attacks (0)

Anonymous Coward | more than 6 years ago | (#22210580)

I've seen a lot of comments about using whole-drive encryption on these flash drives. However, flash drives balance the load across multiple blocks in order to extend the life of the device. Anybody want to take a guess at how less secure your encryption becomes if there are mutliple historical copies of a block around to use for comparison?

The real danger is a loss of recovery companies... (1)

PortHaven (242123) | more than 6 years ago | (#22210676)

My experience with Flash medium has been extremely impressive (especially versus harddrives):

I've encountered a nearly a dozen hard drive and micro-drive failures in recent years. Meanwhile, I have experienced only one partial failure of a flash device - it had a bad sector. I could extract all the rest of the data except for the file written in that sector of a 512mb Compact Flash card. So it was merely a partial loss and very small percentage. While this was enough to lead me to cease using this card, it was a very very minimal loss of data.

Now, I haven't even addressed the accolades of flash based devices. I have one thumb drive, it's a few years old now and still running. That may not be all that surprising. But I think it is unlikely that a 3 yr old hard drive would still be running after having gone thru the washing machine and the dryer....twice!

***

So back to the point of my reply....

The recovery options seem very similar to me. Clean room, magnetic readers, etc. I expect the same basic processes as are used to recover data on hard drives and floppies. However, I expect there to be a lot lot less need to do so.

The problem is see is that the small number of recovery centers may become even fewer. And the issue might be finding a company to extract the data. Especially after disaster situations (ie: regional flood, etc) where a large number of individuals & companies desire data recovery. We could see a large backlog occur as there might not be enough business out there to keep a large number of companies operating in this very unique field.

- The Saj

Re:The real danger is a loss of recovery companies (1)

oddaddresstrap (702574) | more than 6 years ago | (#22210882)

The recovery options seem very similar to me. Clean room, ...

Clean room? Why?

the effect of wear-levelling on recoverability? (2, Interesting)

Tumbleweed (3706) | more than 6 years ago | (#22211006)

Okay, so the new wear-levelling ability of SSDs, (where if it cannot write to a block/bit/whatever, it marks that as bad and writes somewhere else), brings a question to mind:

Let's say you have had your SSD for awhile, and some data is in areas that subsequently get marked as 'bad'. You 'format' your SSD clean, but does the format change those marked-bad bits? If not, just because they cannot be written to, doesn't necessarily mean they couldn't be READ from by some utility that ignores the marked-bad flags, in theory. So, is it possible for an SSD to have data recoverable from 'marked bad' areas, that might even pass a format/multi-write randomizing utility? Something to think about. Hopefully someone knows the answer...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?