Correct Data Deletion of Flash Memory | SSDs | NVMe Drives
When it comes to securely deleting a file on flash memory, such as a USB stick or SSD, it is essential to take into account the internal control electronics that ensures that different memory cells are used for each write operation. Consequently, using tools such as “shred” or “wipe” to overwrite individual files is not effective. Additionally, flash memory also has reserve cells that cannot be overwritten by erasing the entire device.
On Linux systems, the “hdparm” command line tool can be used to erase an SSD or flash memory. However, it's important to note that a secure erase via this method cannot be guaranteed 100%. A more secure solution would be to use operating system-side disk encryption, such as dm-crypt/LUKS, instead of relying on the firmware option of the flash memory.
To use “hdparm” to erase data on an SSD or flash memory, the following steps can be taken:
Check the device information with the command “hdparm -I /dev/sdX“
(replace X with the drive letter)
Set a temporary password for the device with the command “hdparm --user-master u --security-set-pass password123 /dev/sdX“
(replace password123 with your desired password)
Verify the operation was successful by running the command “hdparm -I /dev/sdX” again
Start the deletion process with the command “hdparm --user-master u --security-erase password123 /dev/sdX“
(replace password123 with the set password)
How to Securely Erase Data from a USB Stick using F3 – Fight Flash Fraud on Ubuntu 22.04
F3 – Fight Flash Fraud is a free and open-source tool designed for checking and wiping USB sticks on Ubuntu. This tool enables you to securely erase all data from your USB stick, especially useful when disposing of or selling the device. In this article, we will guide you through the process of installing and using F3 on Ubuntu 22.04.
Step 1: Installing F3
Open the terminal and enter the following command to install F3:
sudo apt update && sudo apt-get install f3
Step 2: Identifying the USB Stick
Before erasing data from the USB stick, you need to identify the device name. To do this, insert the USB stick into your computer and enter the following command in the terminal:
lsblk
The output will display a list of all connected storage devices and their names. Look for the device that corresponds to your USB stick (e.g. /dev/sdb).
Step 3: Erasing the Data
Once you have identified the device name, enter the following command to securely erase the data on the USB stick:
sudo f3write /dev/sdb
Note: Replace “/dev/sdb” with the actual device name of your USB stick.
This command will erase all data on the device and overwrite it with random data. The erasure process may take some time, depending on the size of the device.
Step 4: Verifying the Erasure
After the erasure process is complete, you can verify that the data has been erased by entering the following command:
sudo f3read /dev/sdb
This will run a read test on the device and report any errors. If no errors are found, the data has been securely erased.
Conclusion
F3 - Fight Flash Fraud is an effective tool for securely erasing data from your USB stick on Ubuntu. With these simple steps, you can ensure that all sensitive information is deleted before disposing of or selling the device.
It's important to note that wiping data using F3 - Fight Flash Fraud is not a 100% guarantee that the data has been completely erased. Although the tool overwrites the data on the device, it is still possible for a determined attacker to recover some of the original information.
For maximum security, it is recommended to use encryption. One method of encrypting a USB stick is dm-crypt LUKS. dm-crypt LUKS is a disk encryption method that provides strong security for stored data. With LUKS, the data on the USB stick is encrypted using a password or key, making it difficult for anyone to access the data without the password or key.
To encrypt a USB stick using dm-crypt LUKS, follow these steps:
Create a LUKS-encrypted partition on the USB stick.
Format the encrypted partition with a filesystem (e.g. ext4).
Mount the encrypted partition to a directory.
Copy the data you want to store on the USB stick to the mounted directory.
Unmount the encrypted partition.
Encrypting the data on your USB stick with dm-crypt LUKS ensures that your data is protected even if the device falls into the wrong hands. Gparted can be used to accomplish this encryption process.
Thx to @macst3r <3
NVMe drives
For NVMe drives, it's recommended to use NVMe CLI tools as they are specifically designed for the NVMe specification and offer greater functionality. Data on an NVMe drive can be securely deleted using the “nvme-format" tool. The general process is as follows:
Check for NVMe devices on the system with the command “nvme list“
Format the NVMe device with the command “sudo nvme format -s1 /dev/nvme0n1“
Confirm the format command.
It's important to note that while data deletion on an NVMe drive can be secured, it still cannot be guaranteed 100%. Physical destruction of the device may be necessary.
To install “nvme-cli” on Ubuntu 22.04, the following steps can be taken:
Update the package lists with the command “sudo apt-get update“
Install the “nvme-cli” package with the command “sudo apt-get install nvme-cli“
Verify the installation was successful by displaying the version of the “nvme-cli” tool with the command “nvme version“
With these steps completed, you should now be able to use “nvme-cli” on Ubuntu 22.04.
This blog post was inspired by:
https://www.kuketz-blog.de/ssd-flashspeicher-sicher-loeschen/
Further reading, citations sorry some sources are in german:
https://www.awxcnx.de/handbuch_42.htm
https://paderta.com/privacy/daten-sicher-loschen/
https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf
https://docplayer.org/81314583-Daten-von-festplatten-ssds-und-handys-sicher-loeschen.html
https://linuxundich.de/gnu-linux/usb-sticks-und-sd-karten-auf-fehler-pruefen/comment-page-1/
https://maker-tutorials.com/osx-el-capitan-freien-speicherplatz-sicher-loeschenueberschreiben/
https://wiki.debianforum.de/Hdparm
https://www.kingston.com/de/blog/personal-storage/using-usb-drive-on-mac