• Status: Solved
  • Priority: Medium
  • Security: Public

Security Implications of Flash Memory

Hi Experts.

Today I'm researching the security aspects of USB flash drives.

I'm aware of some issues surrounding hard disk drive storage -- whenever I'm deleting sensitive data I use the Unix shred utility (or equivalent). But I've heard that in some cases, information can be recovered even after it has been overwritten many times.

That aside, I'm looking to purchase a USB flash drive, and the main requirement is that once I delete data off the drive, it can never be recovered.

One of my colleagues advised me against NAND-based flash memory and recommended that I look into NOR-based flash memory instead. He didn't know for sure though -- he had just heard this somewhere.

So basically I need some more information. Would I still need to use a shred utility on NOR-based flash memory? Would there be *any* possibility of recovering data off it? Should I be using flash at all, or some other type of memory?

2 Solutions
Flash uses different types of algorithms, and may not delete until needed, since it tries to minimize writing to flash.

Unfortunately, you would need some low level testing to check whether shredding actually works.

Sorry I could not provide more useful information.
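To illustrate the answer above (an added example, not part of the original post): a toy model of a flash controller's logical-to-physical remapping, showing why overwriting a block from the host can leave the old data in a physical page. `ToyFTL`, `shred` and `demo` are hypothetical names, and the model is a simplification, not any vendor's firmware.

```python
import os

class ToyFTL:
    """Simplified flash translation layer: every host write goes to a fresh page."""
    def __init__(self, physical_pages):
        self.pages = [None] * physical_pages    # raw flash pages (None = erased)
        self.free = list(range(physical_pages)) # pages ready to be programmed
        self.stale = []                         # superseded pages, not yet erased
        self.l2p = {}                           # logical block -> physical page

    def write(self, lba, data):
        if not self.free:
            self.garbage_collect()              # erase happens only when needed
        if not self.free:
            raise IOError("device full")
        new = self.free.pop(0)
        self.pages[new] = data
        if lba in self.l2p:
            self.stale.append(self.l2p[lba])    # old copy stays in flash for now
        self.l2p[lba] = new

    def read(self, lba):
        return self.pages[self.l2p[lba]]        # the host only sees the mapped page

    def garbage_collect(self):
        for p in self.stale:
            self.pages[p] = None                # the physical erase
        self.free.extend(self.stale)
        self.stale = []

def shred(ftl, lba, size, passes=3):
    """Host-side overwrite in the style of shred: random passes, then zeros."""
    for _ in range(passes):
        ftl.write(lba, os.urandom(size))
    ftl.write(lba, bytes(size))

def demo(physical_pages):
    secret = b"constructed sample secret"       # constructed sample data
    ftl = ToyFTL(physical_pages)
    ftl.write(0, secret)
    shred(ftl, 0, len(secret))
    leftover = sum(1 for p in ftl.pages if p == secret)
    return ftl.read(0) == secret, leftover      # (visible to host?, raw copies left)

if __name__ == "__main__":
    print(demo(16))  # plenty of spare pages: the old copy is never erased
    print(demo(2))   # almost no spare pages: garbage collection erased it
```

In both runs the host reads back zeros, so only a raw dump of the physical pages shows whether the overwrite reached the original copy.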

cc16 (Author) commented:
Okay so it looks like nobody can provide a better answer.

SysExpert, can you give me some pointers as to how one would go about such low level testing (i.e. is there a tool I can use)?

I suspect that you would need to get an SDK from each Flash manufacturer, both USB and memory cards.

You would need to test each chipset or at least each algorithm and 1 chipset per algorithm.

I hope this helps!

From my understanding of ROM (which is what most USB drives are essentially) and hard drives, the main difference would be that one stores data magnetically (hard drives) while the other does so electronically (USB drives). Now, the question of data destruction becomes one of how the data is destroyed. On a hard disk it is usually an index in the Master File Table (NTFS) or an entry in the File Allocation Table of a FAT 16 or 32 volume, and therefore the actual data still resides on the drive. Now, there are utilities that can and will erase the actual data from a drive, but the data may still be recoverable with the proper algorithm.

In the case of USB drives, both NOR and NAND, the data is kept electronically.  When a data bit is erased, it is due to an electrical discharge and not a change in magnitude.  All of the literature indicates the data is destroyed at the bit level and there is no file table or indexing involved.  Therefore I can say with some certainty that the data would be completely irrecoverable without the necessity of multiple overwrites (as many hard drive data destruction utilities use).  

In short I would feel safe that data erased from a flash drive such as a USB key goes quite quickly into the ether and is not stored for posterity as on a magnetic disk.

One thing I need to get clarification on is how "secure" the destruction of data might be on a solid state drive formatted with NTFS (i.e. the new flash drives available for some notebooks).  From what I have read, when you lose the data there is no chance of data recovery.

Here are a few references.
Well cc16,

It appears that data may be recoverable from a USB drive. I checked on Drive Savers' web site and discovered they offer data recovery of USB keys. I am not exactly sure of the circumstances of the possibility of recovery, but it does appear to be possible. I know, from working with them in the past, that they have had success in recovering data that in my opinion seemed to be gone forever.

cc16 (Author) commented:
Hi SysExpert, eagle.

I'm getting the feeling that it may be very hard to know for sure either way... and this has led me to consider using cryptography and steganography instead.

If I ensure that any cleartext is confined entirely to RAM and never touches the flash or hard drive -- then I will not ever have to worry as to whether or not data can be recovered.

Thanks for the info anyway guys.. it helped in my decision.
