- This is unrelated to my above questions, but can someone recover deleted files off of an SSD drive in the same way one can on a traditional disk drive? (i.e. is there any point to doing a multi-pass wipe of an SSD drive)
Yes. It just requires different technology. But there are people with those skills. Although there is a shelf life to the data if the SSD is actively being written to.
And SSD sector can ONLY be written to ONCE, and then it must have a special process applied that resets the sector so it can be written to again. Zeroing is not a reset, it is a totally different process.
For each write the SSD remaps the target sector into the garbage collection pool. It then maps a previously reset sector at the logical offset you wish to write. It then applies your write to the sector. It does this for every write you do. That is to say you NEVER over write your data. It is always moved into the garbage collection pool. If you do a 7 pass erase, it will just keep remapping the target offset into the garbage collection pool. So the garbage collection pool with have your original data, and 7 copies of random data. And of course each sectors with those 7 copies of random data just had their life shortened by 1 write cycle.
SSDs might have a write life of from 1,000 writes to 10,000 writes (they are getting better on the life of the writes, but it is still not a huge number). The SSDs get around this by A) they do wear leveling to avoid writing to the same sector too many times. B) they are over provisioned (a few extra gigabytes of additional sectors) so that as a group of sectors becomes unreliable, they can be retired, and the loss of storage made up for from the over provisioned pool.
The SSD CANNOT reset just 1 sector. It applies the reset to a group of sectors that may be as few as 64K, or maybe 512K, or even larger. When it need to reset a group, if there are any still good sectors in the group, the SSD must copy the good sectors to somewhere outside the reset group, perform the remapping to make the new copy appear that the correct offset, and put the original copy in the garbage collection pool. Then it can reset the group. The reset group gets put into the ready for writing list.
So if say MOST of the reset group contains good data, then it is possible the SSD will avoid choosing that reset group to be reset and whatever data was in the part of the reset group that still has old data on it, will hang around for as long as the SSD avoids resetting that group. Remember, if just 1 out of say 128 sectors is in the garbage collection pool, to reset that pool would require doing 127 copies, shortening the life of some other sectors just to reset that 1 sector in the garbage collection pool. That is a loosing proposition for the SSD, so it is not going to do that. Thus some of your data may hang around for years as long as those other 127 sectors do not changed. I do not know where an SSD would choose to make that trade-off, but if you are talking about a social security number that can live in 1 sector without a problem.
Garbage collection. The SSD will, when not busy reading or writing data, attempt to reset groups in the pool and put them on the ready to write list. That way when you do a large write (think pictures, music, videos, etc...), there lots of available sectors ready to be written, so the SSD can proceed at the fastest possible speed.
If the ready to write list becomes exhausted, then the SSD must start cleaning things from the garbage pool which A) requires the special reset operation, B) may require coping good data out of almost empty reset groups. This slows down your write speed.
NOTE: While you are using sectors from the ready to write list, you are also moving sectors being remapped into the garbage pool. So you will always have sectors to reset, it is just a matter of how much work must be done to get them ready to be written again, and if the SSD is idle so you do not notice it, or if it has to stop accepting your data while it does the resets.
An Apple SSD has TRIM enabled (3rd party SSDs can have TRIM enabled as well, but you have to manually do that). TRIM is a way for the file system to tell the SSD that it just deleted a file, and that all the storage for that file can be put in the garbage collection pool. This gives the SSD more available sectors to find entire reset groups that do not need to have good data copied out of them, which is better for the life of the SSD.
A little more on the short shelf life. Assuming you change over enough data on the SSD, then except for reset groups the SSD decides should be left alone to avoid excessive resets, over time sectors in the garbage collection pool will get reset and the original data will be gone.
NOTE: Any SSD sectors that become unreliable get retired, and those will most likely retain their data for a much longer period of time, just like a mapped out rotating disk sector that becomes unreliable.
Bottom line.
- An SSD has a limited number of writes that the SSD goes through huge efforts to avoid writing to the same physical sector too many times (wear leveling).
- The SSD does not over write your data.
- Your data may sit in the garbage collection pool forever if the SSD decides to avoid shortening the life of the unchanged part of the reset group.
I am curious why apple did this. I know there are concerns with people using the utility and wiping things they shouldnt, damaging their machines.
I would guess that when you say something is secure and it is not, that you open yourself up to all kinds of legal issues.
Also more and more of Apple's products are moving to SSD storage. Writing erase patterns to an SSD, shorten the life of the SSD and do not actually write over what you want.
But for people selling computers and drives you would think there would be a way for people to securely remove their data. Computers have social security numbers and a lot of personal things you would think Apple would be willing to help protect when their devices are disposed of or sold?
Apple did provide something. System Preferences -> Security -> FileValut. If you have been using FileVault all along, then when you want to sell your Mac, you just reformat the storage, which destroys the keys, then install a clean copy of OS X, and you are good to go. Because without the encryption keys, all that data is just a bunch of random bits. And because you have been using FileVault from the beginning, any data sitting in the over provisioning pool, or data that has been mapped out because the sectors have become unreliable, etc... are also just random bits without the encryption keys.
Also with FileVault on, you deleted files are just a bunch of random bits.
Problem solved.