Friday, October 27, 2017

DOS Bootable USB Drive With Samsung Magician Secure Erase

I've never had to create a bootable drive before.  I'm not exactly a hardware person either.  I wanted to erase an SSD drive.  I've read a little bit of forensics and how if drives aren't properly handled, some information can still be retrieved.  I wanted to make sure that the information on this particular drive was either not accessible to get or completely erased.  I prefer the latter, but realize that sometimes that may not be possible.

So I did some research.  SSD drives cannot be erased in the same way as the old spinning platter drives.  The spinning platter disc drives could simply be overwritten by flipping all of the bits on the drives to 0s.  Because of the way SSD drives work, the user is only presented with a window of the data that the controller shows them, not every single section on the drive.  So theoretically, some information can still be on the drive, even if all the bits in the part the user can see are overwritten with 0s.  Not sure how great the following websites are, but I found them helpful.

The tech behind SSD is explained here:

https://computer.howstuffworks.com/solid-state-drive.htm

The difference between SSDs and Spinning Platter hard drives:

https://www.extremetech.com/extreme/210492-extremetech-explains-how-do-ssds-work

SSDs can be reset using a Secure Erase command that is in most of the SSDs produced since 2001.  According to the following Q&A, it's not exactly an erase; it's more of a reset.

Secure Erase Q & A  - this is a doc file.

My device isn't that old, so it should support that command.  My device is a Samsung EVO 850.  There is a utility by Samsung called Magician that works with certain devices, this model being one of them.  I figure that the manufacturer knows its drive better than anyone, so it seems safer to use the manufacturer's own utility even though there are other options like Linux hdparm.  My drive is no longer in the laptop that it was originally in.

The manual for Magician says that it can't erase a drive that is connected in any manner other than the motherboard, but it says that one can create a bootable USB drive that has secure erase on it to delete the SSD.

Download - Samsung Magician Consumer Magician Installation Guide

I installed Magician on a Windows device.  I tried docking the drive on a Wiebetech Forensic Ultradock to see if I could make a bootable USB drive.  Magician wouldn't give me the option to create a bootable USB drive because it didn't detect the drive.  (Windows detected the drive just fine.  I could peruse the directory structure in Windows Explorer.  It was like browsing a USB drive.)

So I did more research.

I found this:

https://us.community.samsung.com/t5/Others/How-to-use-Secure-Erase-on-an-SSD-when-you-only-have-one-SATA/td-p/103566

I didn't use Rufus, like in the directions in the website above.  I used Ubuntu, a FreeDOS ISO downloaded from the FreeDOS website, gparted, and the native dd command to create a bootable DOS drive.

1.  Start Ubuntu on a host machine or VM.  I used VMWare Workstation and a guest Ubuntu ISO.
2.  apt-get install gparted
3.  plug in an empty USB
4.  See which /dev device the USB is attached to.  It is usually something like /dev/sdb.  You can do this by typing dmesg | tail -n 10.  The output should show the name, size, and device of the USB.
5.  sudo gparted ; enter password if it is set.
6.  Select the correct device from the dropdown on the right.
7.  On the menu, choose Partition.  If the drive isn't empty, delete what is on the drive by clicking on "Delete".  This will permanently delete the info, so keep this in mind.  Click on the green checkmark icon to apply the changes to the drive.
8.  If/when the drive is empty, select "New". A popup should appear.  Make the size of the drive 4096 KB (4 MB).  Choose NTFS for the File system.  Click OK.  Click on the green checkmark icon to apply the changes to the drive.
9.  Exit the program.
10.  Download the FreeDOS ISO.
11.  dd if=/pathandname/of/FreeDos.ISO of=/dev/devname bs=4MB
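
Steps 4 and 11 are where this procedure can destroy the wrong disk, so here is an added example (not part of the original post) that checks the dd target against lsblk output before writing and compares the result afterwards. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the dd target is the USB stick before writing.
# Input format is `lsblk -dno NAME,TRAN,RM,SIZE` (name, transport, removable, size).

# Constructed sample listing: one internal SATA disk and one USB stick.
SAMPLE_LSBLK='sda sata 0 238.5G
sdb usb 1 7.5G'

# Read a listing on stdin; print /dev paths of removable disks attached over USB.
usb_candidates() {
    awk '$2 == "usb" && $3 == "1" { print "/dev/" $1 }'
}

# Read a listing on stdin; succeed only if $1 is the one and only USB candidate.
is_safe_target() {
    candidates=$(usb_candidates)
    [ -n "$candidates" ] && [ "$candidates" = "$1" ]
}

# Write image $1 to device $2, then read it back and compare (hypothetical wrapper).
write_image() {
    iso=$1; target=$2
    if ! lsblk -dno NAME,TRAN,RM,SIZE | is_safe_target "$target"; then
        echo "refusing $target: not the only removable USB disk" >&2
        return 1
    fi
    if lsblk -no MOUNTPOINT "$target" | grep -q .; then
        echo "refusing $target: a partition is still mounted" >&2
        return 1
    fi
    sudo dd if="$iso" of="$target" bs=4M conv=fsync status=progress || return 1
    # Compare only the first <image size> bytes; the stick is larger than the ISO.
    sudo cmp -n "$(stat -c %s "$iso")" "$iso" "$target"
}

# Run only when called as: script.sh /path/to/FreeDOS.iso /dev/sdX
if [ "$#" -eq 2 ]; then
    write_image "$1" "$2"
fi
```

The check is deliberately conservative: with two USB sticks plugged in it refuses both, so unplug everything except the stick you intend to overwrite.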

I then had a bootable DOS USB.

I then followed the directions on the following website from step 2 onward.

https://us.community.samsung.com/t5/Others/How-to-use-Secure-Erase-on-an-SSD-when-you-only-have-one-SATA/td-p/103566

I hooked up the SSD drive to the SATA port of an old tower Desktop computer.  I plugged in the USB and it booted from DOS.  (It asks to install DOS to the hard drive, but you just choose the language, and then exit to DOS.  It doesn't install DOS.)

When the DOS prompt appeared, I typed in "serase" and pressed enter. (It is whatever the name of the secure erase bat file is, if serase doesn't work for you.  In case you changed the name of the bat file for some reason.)

It should bring up a pseudo-GUI.  Magician should detect the drive if it was connected properly.  Then it will give you the option to secure erase the drive.  Follow the on-screen directions.  It's weird because it doesn't take long to erase at all.

Then I exited to DOS, and typed shutdown.  I now have an erased SSD drive.

I'm not exactly sure how the different versions of secure erase work.  From what I understand there are a couple of versions: secure erase and enhanced secure erase.  For my needs, whatever Samsung Magician did is probably fine, but for any business purpose the drives should probably be secure erased and destroyed if they have PII on them because even secure erase is no guarantee that everything is off the drive.  I'm not sure if secure erase meets the legal requirements for HIPAA, PCI, or other laws.  Companies should consult their compliance advisors and/or legal team to determine this.
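
For the Linux hdparm route mentioned earlier, the drive itself reports which erase modes it supports and whether it will accept the command. The following is an added example (not from the original post or from Samsung) that summarises the Security section of `hdparm -I` output; the sample text is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read the Security section of `hdparm -I` output.
# Real use: sudo hdparm -I /dev/sdX | security_state   (/dev/sdX is a placeholder)

# Constructed sample of the relevant part of `hdparm -I` output.
# $1 is "not" for a drive that is not frozen, "" for a frozen one.
sample_hdparm() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
    printf '\t%s\tfrozen\n\tnot\texpired: security count\n' "$1"
    printf '\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# Summarise the flags on one line; a leading "not" on a line negates the flag.
security_state() {
    awk '
        BEGIN { sup = en = lk = fr = enh = "unknown" }
        /^Security:/ { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # an unindented line ends the section
        insec {
            neg  = ($1 == "not")
            word = neg ? $2 : $1
            val  = neg ? "no" : "yes"
            if (word == "supported:" && $0 ~ /enhanced erase/) enh = val
            else if (word == "supported") sup = val
            else if (word == "enabled")   en  = val
            else if (word == "locked")    lk  = val
            else if (word == "frozen")    fr  = val
        }
        END {
            printf "supported=%s enabled=%s locked=%s frozen=%s enhanced=%s\n",
                   sup, en, lk, fr, enh
        }'
}

# Succeed only if the drive supports the feature set and is neither locked nor frozen.
erase_ready() {
    case "$(security_state)" in
        "supported=yes "*" locked=no frozen=no "*) return 0 ;;
        *) return 1 ;;
    esac
}
```

A drive that reports frozen will reject the erase command until that state is cleared, which is typically done by power-cycling the drive.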
