self destruct data

Self-erasing flash drives destroy court evidence – and your data too.

In Blog, Information, Unrecoverable Data by Administrator

This message will self-destruct in 5 seconds…

Mission Impossible. Yes, sometimes data recovery really can be a mission impossible. If only it were a tape recorder with smoke coming out of it – we’d have the data off that magnetic media in a jiffy. Things have become a little more complicated now. This week we had our first experience of what is likely to have been a ‘self-erasing’ device. A brand new 32GB memory stick using the latest processor and NAND chips (click here for general information on how SSDs and memory sticks work). When the chips were dismounted and read directly in Soft Center there was general bafflement. This was because the NAND chips were working perfectly but completely blank.

 

Self-Erasing Memory Sticks

What does ‘self-erasing’ mean in this context? Normally when data needs to be written to a flash NAND chip it is necessary to perform an erase command and then a write command. Typically these have happened at nearly the same time. It appears that in order to improve performance that during the time the device is ‘idle’ a set of erase commands are being sent to the NAND chip well in advance of any potential write command. This way, when there is a write command the erase function has already taken place.

Why might this have affected the memory stick that we had in? Well, that we cannot be 100% sure. We can only presume that at the point of the processor failure there has been a set of erase commands sent to the device. The alternative is of course that the owner has passed us a device that never had any data on it in the first place. That is very unlikely though.

For more information please see:  Self-erasing flash drives destroy court evidence • The Register.

For detailed reading please download the research article, Solid State Drives: “The Beginning of the End
for Current Practice in Digital Forensic Recovery?” JDFSL-V5N3-Bell

Bell, G.B. & Boddington, R., (2010) Journal of Digital Forensic, Security and Law, Vol. 5(3).