SSD / Flash Storage

  • Home
  • /
  • SSD / Flash Storage

HackediOS’ original vision was the dedication to the exploration and movement towards true secure data wiping of iOS on any iPad, iPhone or iPod. Beginning with iOS 8, the iOS architecture is built in a way that once a user performs an “Erase All Content and Settings” wipe, all data is unrecoverable, at least for now until someone figures out a way to work around the OS and hardware. This was pointed out by Richard Plummer, CEO of Cyber Crime Forensics, LLC, in reference to page 10 of Apple’s current security guide located here. Pay special attention to the section Architecture overview where it explains how the encryption keys work.

To further explain how flash chips / SSD work, taken from the Non-Volatile Systems Laboratory, “Sanitizing data from storage media is a critical component of data management, especially for governments and the enterprise. Sanitization is well-understood for traditional magnetic storage, such as hard drives and tapes. Newer Solid State Disks (SSDs), however, have a much different internal architecture, so it is unclear whether what has worked on magnetic media will work on SSDs as well.

At the Non-volatile Systems Laboratory, we have designed a procedure to bypass the flash translation layer (FTL) on SSDs and directly access the raw NAND flash chips to audit the success of any given sanitization technique. Our results show that naively applying techniques designed for sanitizing hard drives on SSDs, such as overwriting and using built-in secure erase commands is unreliable and sometimes results in all the data remaining intact. Furthermore, our results also show that sanitizing single files on an SSD is much more difficult than on a traditional hard drive. We are working on designing new FTLs that correct these issues and also exploit properties of flash memory to maintain performance while sanitizing the flash drive.

We are actively seeking industrial partners for this project who can assist us in identifying parameters critical to particular applications and in acquiring small quantities of solid state disks for testing.”

Michael Wei has written a large amount of publications on this subject matter with his involvement at the Non-volatile Systems Laboratory. Click on his name to see a list of them. Here is a presentation from Michael titled, “Reliably Erasing Data from Flash-Based Solid State Drives”.

Here and here are two more very detailed, precise articles explaining the SSD structure.

Jonathan Zdziarski is a forensic scientist, author, reverse engineer of iOS.