"He thinks he's safe," Leo muttered, connecting the drive to a specialized hardware imager.
Security and Forensics–Is Solid State Drive a Friend or a Foe? ssd security
This is a story about how the very features that make modern SSDs fast—like and background garbage collection —can become a security professional's biggest headache. The Phantom Files of Sector 42 "He thinks he's safe," Leo muttered, connecting the
Leo knew that SSDs are "liars" by design. To prevent the memory cells from wearing out, a controller inside the drive constantly moves data around in the background—a process called . When you delete a file, the drive doesn't actually delete it; it just marks that space as "invalid" and moves on. The Phantom Files of Sector 42 Leo knew
By bypassing the standard controller interface and talking directly to the NAND flash chips, Leo began to see the "ghosts" of the deleted files.
Because of how SSDs manage data, "deleted" fragments of the stolen trade secrets were still sitting in those hidden cells, waiting for the drive's process to eventually scrub them. But the suspect had panicked and shut the laptop down too quickly, accidentally "freezing" those fragments in place.
The suspect had used a standard software wipe. To the operating system, the drive looked like a desert of zeros. However, Leo was looking for the area—a hidden reservoir of storage cells that the SSD controller uses for its own maintenance.
"He thinks he's safe," Leo muttered, connecting the drive to a specialized hardware imager.
Security and Forensics–Is Solid State Drive a Friend or a Foe?
This is a story about how the very features that make modern SSDs fast—like and background garbage collection —can become a security professional's biggest headache. The Phantom Files of Sector 42
Leo knew that SSDs are "liars" by design. To prevent the memory cells from wearing out, a controller inside the drive constantly moves data around in the background—a process called . When you delete a file, the drive doesn't actually delete it; it just marks that space as "invalid" and moves on.
By bypassing the standard controller interface and talking directly to the NAND flash chips, Leo began to see the "ghosts" of the deleted files.
Because of how SSDs manage data, "deleted" fragments of the stolen trade secrets were still sitting in those hidden cells, waiting for the drive's process to eventually scrub them. But the suspect had panicked and shut the laptop down too quickly, accidentally "freezing" those fragments in place.
The suspect had used a standard software wipe. To the operating system, the drive looked like a desert of zeros. However, Leo was looking for the area—a hidden reservoir of storage cells that the SSD controller uses for its own maintenance.
