Erasing a Solid State Drive (SSD)


Why can't normal methods be used to erase an SSD?

Solid State Drives (SSDs), and other flash-based media like portable USB drives, store data as electric charges. Traditional storage media like mechanical hard drives or tape based storage have storage physically writen to magnetic media, and therefore can be erased using tools like degaussers, which use powerful magnets to wipe the disks. Flash media is unaffected by magnets and cannot be wiped in this way. SSDs also perform tasks called "wear leveling" which will remove certain sections of the disk from use, but these decomissioned sections may still retain data. Wiping a disk using tools like DBAN will not write to these sections, leading to data remanence. Because of these two issues, SSDs must be wiped in a different manner. 

 

Using Encryption to Erase an SSD

By using whole disk encryption on an SSD, all of the data on the drive will become unreadable without the decryption key. By formatting the drive and removing the encryption key, the SSD can be securely disposed of without the risk of data remaining on the drive. 

Today, most OSes provide built in encryption tools that can assist in securing an SSD. 

 
Securely Erasing an SSD with Bitlocker on Windows

You can perform this on a live system if you are decomissioning it, or your can perform this on an external/secondary drive that is connected to a Windows 10 machine.

1. Open the Control Panel, navigate to "System and Security," and choose "Manage Bitlocker" (or search for Bitlocker on the Start Menu)

2. For the SSD media that needs to be securely erased, choose "Turn on BitLocker" and follow the prompts. This will encrypt the entire device.

For secondary drives

3A: 

1. After the disk is encrypted, you can format the disk from "This PC" or Disk Management.

2. After the disk is formatted, you can go back to Bitlocker settings in the Control Panel and "Turn off BitLocker." This will decrypt the disk and destroy the key. Any data remaining on the disk from before the format should be encrypted, and without the key, irrecoverable.

For system drives

3B: 

1. Using external media, like a Linux Live CD or Windows 10 installation media, delete all the partitions/format the system drive. The encryption keys will be deleted through this process and the data will be unrecoverable. 

 

Securely Erasing an SSD with FileVault on MacOS

1. Open System Preferences, navigate to Security & Privacy, and choose the FileVault tab.

2. Turn on FileVault for the boot drive. Create and retain a recovery key for later. 

3. When the SSD is fully encrypted, reboot the Mac into Recovery mode (? + R during boot)

4. From Recovery mode, launch Disk Utility. Select your encrypted boot SSD and choose "Unlock [volume name]" from the File menu and provide the recovery key from step 2. 

5. When the disk is unlocked, erase the disk in Disk Utility. This will remove the encryption key and data on the disk, making everything on the disk unrecoverable. 

6. If required, reinstall MacOS if the device is to be reused. 

 

Using Vendor Tools to Securely Erase an SSD

Some disk vendors provide proprietary utilities that can be utilized to issue a "secure erase" command to a disk. This is usually very fast provided you have access to the correct utility.

Not all vendors provide such a tool, and the offerings may change over time. Usually the tool is provided as a boot disk that can be used to load the utilities including secure erase. 

We recommend searching Google for "[vendor] SSD utility" to find your specific vendor's tools, such as Samsung Magician or Seagate's SeaTools. Follow the manufacturer's instructions to wipe your disk securely. 

 

Other Options

20019
10/22/2019 1:19:07 PM