Security Implications of Flash Memory

Posted on 2007-07-26
Last Modified: 2013-11-14
Hi Experts.

Today I'm researching the security aspects of USB flash drives.

I'm aware of some issues surrounding hard disk drive storage -- whenever I'm deleting sensitive data I use the Unix shred utility (or equivalent). But I've heard that in some cases, information can be recovered even after it has been overwritten many times.

That aside, I'm looking to purchase a USB flash drive, and the main requirement is that once I delete data off the drive, it can never be recovered.

One of my colleagues advised me against NAND-based flash memory and recommended that I look into NOR-based flash memory instead. He didn't know for sure though -- he had just heard this somewhere.

So basically I need some more information. Would I still need to use a shred utility on NOR-based flash memory. Would there be *any* possibility of recovering data off it? Should I be using flash at all, or some other type of memory?

Question by:cc16
    LVL 63

    Accepted Solution

    Flash uses different type of algorithms, and may not delete until needed, since it tried to minimize writing to flash.

    Unfortunately, you would need some low level testing to check whether shredding actually works.

    Sorry I could not provide more useful information.


    Author Comment

    Okay so it looks like nobody can provide a better answer.

    SysExpert, can you give me some  pointers as to how one would go about such low level testing (i.e. is there a tool I can use)?

    LVL 63

    Expert Comment

    I suspect that you would need to get an SDK from each Flash manufacturer, both USB  and memory cards.

    You would need to test each cipset or at least each algorithim  and 1 chipset per algorithm.

    I hope this helps !
    LVL 3

    Assisted Solution

    From my understanding of ROM (Which is what most USB drives are essentially) and hard drives, the main difference would be that one stores data magnetically (hard drives) while the other does so electronically (USB drives).  Now, the question of data destruction becomes one of how the data is destroyed.  On a hard disk it is usually an index in the Master File Table (NTFS) or an entry in the File Allocation Table of a FAT 16 or 32 volume, and therefore the actual data still resides on the drive.  Now, there are utilities that can and will erase the actual data from a drive, but the data may still be recoverable with the proper algorithm.  

    In the case of USB drives, both NOR and NAND, the data is kept electronically.  When a data bit is erased, it is due to an electrical discharge and not a change in magnitude.  All of the literature indicates the data is destroyed at the bit level and there is no file table or indexing involved.  Therefore I can say with some certainty that the data would be completely irrecoverable without the necessity of multiple overwrites (as many hard drive data destruction utilities use).  

    In short I would feel safe that data erased from a flash drive such as a USB key goes quite quickly into the ether and is not stored for posterity as on a magnectic disk.

    One thing I need to get clarification on is how "secure" the destruction of data might be on a solid state drive formatted with NTFS (i.e. the new flash drives available for some notebooks).  From what I have read, when you lose the data there is no chance of data recovery.

    Here are a few references.
    LVL 3

    Expert Comment

    Well cc16,

    It appears that data may be recoverable from a USB drive.  I checked on Drive Savers web site and discovered they offer data recovery of USB keys.  I am not exactly sure the circumstances of the possiblity of recovery, but it does appear to be possible.  I know, from working with them in the past, that they have had success in recovering data that in my opinion seemed to be gone forever.

    Author Comment

    Hi SysExpert, eagle.

    I'm getting the feeling that it may be very hard to know for sure either way... and this has led me to consider using cryptography and steganography instead.

    If I ensure that any cleartext is confined entirely to RAM and never touches the flash or hard drive -- then I will not ever have to worry as to whether or not data can be recovered.

    Thanks for the info anyway guys.. it helped in my decision.


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now