Adventures in SSD wiping!

[Metanis]

Doctor client with HIPAA concerns wanted me to wipe and clean a couple of his older laptops for disposal or gifting. I had installed SSDs in these a few years ago. Both laptops are 10-year-old Sony Vaio's with 3rd gen core i7 and running Win10 home. One has a Crucial MX500 and the other a Samsung 860.

The Samsung was rather easy to wipe by using their integrated Secure Erase from the Magician Software. Kind of interesting though, they require you to disconnect the SATA cable while the power to the device is ON! Luckily for me the Vaio is easy to get access to the HDD compartment.

The Crucial drive was more challenging. Storage Exec isn't as friendly. It won't work if you're trying to erase the boot drive and it won't detect the drive if connected via a USB caddy. I was on-site and had no access to a bench machine where I could have connected directly via an internal SATA cable.

Eventually, my son gave me an idea. After connecting the drive to a machine with Windows Pro I enabled Bitlocker on the Crucial and let it run. Then after it reported the drive was 100% encrypted I ran Diskpart and blew away all the partitions, placed the drive back into its original machine and ran Windows 10 setup from my flash drive.

My thinking is that since the old data was encrypted before I installed a new copy of Windows and the encryption key is no longer available, only a government actor would be able to recover any of the old data.

Any thoughts on if I'm correct in my thinking?

 

[YeOldeStonecat]

We use Crucials own USB to SATA bridge, have several of them, the Storage Exec will see it here.

 

[carmen617]

If I'm given a working system with an SSD to wipe, I've taken to just resetting the system using "clean this pc" options, setting it up again with Bitlocker enabled, putting in a fairly strong password on the new Windows installation, then resetting the PC again. It's easy and mostly unattended, and I have to think it's pretty secure, can someone convince me otherwise?

 

[britechguy]

We use Crucials own USB to SATA bridge, have several of them, the Storage Exec will see it here.

Just curious if you've used this with other brands? If it causes any (or even many) brands' SSDs to be recognized for secure erase when connected via USB it's definitely a worthwhile investment.

 

[YeOldeStonecat]

Just curious if you've used this with other brands? If it causes any (or even many) brands' SSDs to be recognized for secure erase when connected via USB it's definitely a worthwhile investment.

Hmm....I don't think we have (I know I haven't) We do about 95% Crucial for SSD brand. I don't think we've tried to wipe another brand 2.5" SATA SSD in this bridge....will ask our bench tech....

 

[britechguy]

Hmm....I don't think we have (I know I haven't) We do about 95% Crucial for SSD brand. I don't think we've tried to wipe another brand 2.5" SATA SSD in this bridge....will ask our bench tech....

Thanks.

Also, if you would (or can), could you give a direct link to this item if one wishes to purchase it? Yes, I can search, but I thought I'd ask in case you might have kept it somewhere for future reference.

Crucial Easy Laptop Data Transfer Cable for 2.5-inch SSDs

 

[Philippe]

enabled Bitlocker on the Crucial and let it run

AFAIK, files are encrypted in a free disk space, then the originals are "deleted". So it all depends if these deleted files were overwritten in the process or by the new W10 installation.
I thing filling the SSD with anything will do the trick / secure erase it.

 

[Metanis]

AFAIK, files are encrypted in a free disk space, then the originals are "deleted". So it all depends if these deleted files were overwritten in the process or by the new W10 installation.
I thing filling the SSD with anything will do the trick / secure erase it.

You are correct if the selection is made to only encrypt "used" space. I chose the other option, to encrypt the entire disk. If I'm reading the overview correctly it should have encrypted even the deleted spaces.

 

[britechguy]

By the way, and I have no reason to doubt them, this article from Tom's Hardware (https://www.tomshardware.com/how-to/secure-erase-ssd-or-hard-drive) states you can use diskpart with an SSD and get a secure erase:

6. Enter clean all. After several seconds or perhaps a few minutes, you will see a message telling you that the process has completed.

(Image credit: Tom's Hardware)
Your drive should now be securely wiped. If you were planning to give the computer to someone else, you can go ahead and reinstall Windows on it. When I used "clean all" to secure erase the SSD on a PC I was donating to charity, I was no longer able to see my deleted files on it using EaseUS Data Recovery.
-------------------------------

This doesn't surprise me, as Windows has differentiated SSDs from HDDs for quite a few of their utilities and functions of same.

Doing a "clean all" for an HDD does a zero fill to the entire drive. It makes sense that it would trigger the secure erase function for an SSD, which is the functional equivalent of the zero fill on a HDD.

 

[Metanis]

Doing a "clean all" for an HDD does a zero fill to the entire drive. It makes sense that it would trigger the secure erase function for an SSD, which is the functional equivalent of the zero fill on a HDD.

That's great to know. I always have a Win10 or 11 boot drive with me.

 

[HCHTech]

We use Crucials own USB to SATA bridge, have several of them, the Storage Exec will see it here.

Wait - there is a proprietary link between their bridge and their drives? I wonder how that works. The cable itself isn't expensive enough to have a chip in it, hmmm. We use Samsung drives when we can, but will go to Crucial when we have to, so I think I'd better pick up a couple of these.

Edit: Out of stock - haha.

 

[YeOldeStonecat]

I don't think it's proprietary, I'm guessing it's a standard USB to SATA bridge, just....we know it works with their Exec Storage software....as we do lots of 'em.

 

[frase]

We use Crucials own USB to SATA bridge, have several of them, the Storage Exec will see it here.

I own something similar, not crucial though come in very handy. Yes works fine with any drive, just not 3.5 obs as needs power.

I have two of these, reason because I lost one then found it again.

SATA 2 USB

 

[fincoder]

diskpart clean all, or Windows reset with the clean option. Microsoft tells us that is how you securely erase a drive so why bother with anything more?

 

[brandonkick]

Most secure option?

Let it hang out in an 600C to 800C heat source for a few min. You can't recover data from it, if it's a liquid.


I suppose zeroing it out, and then setting up bitlocker followed by blowing away those partitions would be good for non HIPPA cases, or cases where confidentially is critical.

Anything beyond that? Your cost of knowing nothing will ever be recovered from that drive is the cost of a replacement. Then pick your poison. let the drive soak in some type of acid that will dissolve the parts to mush... roast it like a chestnut over an open fire (800C open fire).... pulverize it under a few thousands pounds per square inch of pressure... whatever you like or have available to you.

 

[sapphirescales]

Just zero fill the drive. There are many, many programs that do this. This is what we use: https://hddguru.com/software/HDD-LLF-Low-Level-Format-Tool/

Whatever software you use, just run the drive through R-Studio to make sure you can't recover any data to make sure the software you chose actually works. I've never been able to recover any data after wiping with this tool.

 

[Diggs]

I keep the disk tool for each SSD maker installed and lined up on the bottom of the desktop of my shop computer. Crucial, WD/SanDisk, Samsung, Kingston, PNY all have secure wipe for their drives built into their software.

 

[lcoughey]

Best and fastest option - secure erase
Alternative and slower option - overwrite the drive with 0x00
Another possibility is to make sure TRIM is enabled and just quick format it

In all cases, when done erasing, open the drive with a hex editor and search for non 0x00 sectors

 

[NviGate Systems]

Correct me if wrong but doesn't HIPAA not allow reuse of storage devices? I seem to recall reading that somewhere.

If that is the case, the best thing is to have them ground up, lots of shredding companies will do hard drives and give you a certification or receipt of said disposal. Problem solved, 1000% no data leak possible from that device.

Edit: It looks like it can be reused but you have to of course wipe it. Very complicated industry standards.

 

[Porthos]

When I needed to satisfy HIPPA, I used the following and printed the proof of erase. https://www.killdisk.com/eraser.html