TAGITM Monthly
 

Solid State Drives and Data Recovery

Print this Article | Send to Colleague

Most IT professionals are familiar with how traditional hard disk drives (HDD) operate. Internally, they look like an old record player with an arm moving across stacks of platters. Logically, data is stored in various locations on these platters creating a virtual scavenger hunt where each piece of data points to where the next piece is located. When data is deleted on a HDD the entry point to the "path" is flagged as available for overwrite. When the space is needed, the old data is replaced by the new data.

NIST 800-88 notwithstanding, recovering data from a HDD is the process of restoring or recreating the pointers along this logical data path. Since the data is still on the drive, a file may even be restored if some of it is overwritten or destroyed like when a black box is damaged from an airline accident. 

The mechanical nature of a HDD can also provide indications of failure due to an increase in vibration, heat, or cringe worthy sounds.

Solid state drives (SSD), on the other hand, do not have moving parts. Data is stored on chips mounted directly on a circuit board. Although this makes SSDs more rugged and faster than HDDs, they are not without risk. 

Without diving too deep into the science, each time data is written to a location on a SSD, the block loses a very small amount of charge. After approximately 100,000 re-writes, the block is no longer viable. Unlike a HDD, there isn't an increase in vibration or sound. You get the same amount of warning as the check-engine light in your car.

Another critical distinction between the two drive types is that a solid-state drive can only store data into an empty space on the drive. When data is deleted on a SSD, the location is overwritten with zeros in order for the space to be available for subsequent use. Data is not flagged to be overwritten in the future. It is purged at the time of deletion. Gone! Even data recovery firms indicate that attempting to restore data from a SDD is expensive, time consuming, and is not guaranteed.

I need to emphasize that I am not against the use of solid-state drives. In addition, this is not meant to be a comprehensive or exhaustive comparison of the pros and cons between the two technologies. I encourage doing your own research to make informed decisions and avoid being caught off guard in the middle of an incident.

Eric Yancy, CISSP, CISM, CISA, CCSK, CCSA
Information Security Officer
City of Denton

 

Back to TAGITM Monthly

Share on Facebook Share on Twitter Share on LinkedIn