Data Removal Processes for a Solid-State Hard Drive

Disk Sanitization Methods for Solid-State Hard Drives

In this article, the term disk sanitization references to the process of eliminating all data on the storage device so that it is impossible to recover.

There are three conventional methods for sanitizing SSDs. These three methods apply to sanitizing an entire hard drive, but not specific files or folders.

• ATA Secure Erase - The SSD firmware has an embedded command set that overwrites all data on the SSD. Software that runs within a bootable environment manages this command.
• Cryptographic Erase - On Self-Encrypting SSDs, the encryption key can be changed or erased, which leaves all the encrypted data indecipherable, and unrecoverable.
• Media Destruction - Department of Defense standards approve of this method if compliant with specific guidelines.

It should be noted that sanitization methods for spindle hard drives do not apply to SSDs.

Using ATA Secure Erase for Solid-State Hard Drives 

This is a common method of sanitization for non-encrypted SSDs. It is designed to put the drive in a raw state by overwriting each bit of data as a zero. The command set exists within the SSD firmware, and software that operates within a bootable environment on a USB drive manages this process.

Dell does not recommend any software capable of using this process, but you can find some useful information about the subject at https://en.wikipedia.org/wiki/Data_erasure

Using Cryptographic Erasure on a Self-Encrypting Drive

On a self-encrypting hard drive (SED), the encryption key is stored within a small storage area on the drive, and the SED internal hardware passively encrypts and decrypts the incoming and outgoing data respectively. Access to the drive occurs through either software pre-boot authentication or a BIOS password.

Encryption management software allows a system administrator to delete and regenerate the encryption key residing in the SED, which leaves the previously written data indecipherable and securely unrecoverable. As with ATA Secure Erase, the drive is left in a raw state, and a new key is generated within the drive.

Using a Furnace or Shredder to Destroy the Drive

Products are available that destroy SSD media through smelting or shredding. This is the only method of SSD sanitization approved by the United States Department of Defense and the National Security Agency. The DOD/NSA standard for smelting SSDs requires a licensed furnace rated at 1,600 °C. The DOD/NSA standard for shredding SSD media requires that fragments be reduced to less than 2 mm in edge length using an NSA/CSS evaluated shredder.

More information regarding DOD/NSA compliant sanitization for SSDs can be found on the NSA site: Media Destruction Guidance