SSDs (solid-state drives) are a type of data storage device that uses flash memory chips to store data, unlike traditional hard disk drives (HDDs) that use magnetic disks for data storage. SSDs have no moving mechanical parts, making them faster, quieter, and less prone to damage compared to HDDs. When a file is deleted on a computer, the reference to that file’s data on the storage drive is removed, but the actual data may still physically remain on the drive until it is overwritten by new data. On both SSDs and HDDs, deleted file data persists until the space it occupies is needed for new data. However, the way this deleted data is handled differs between SSDs and HDDs.
How Data is Stored on SSDs
SSDs store data in NAND flash memory cells organized in blocks, unlike hard disk drives (HDDs) that store data on spinning magnetic disks called platters (1). The NAND flash memory in SSDs contains no moving parts and allows for much faster access times than traditional HDDs (2).
The flash memory cells in an SSD are grouped into pages, which are then organized into blocks. Each cell can store one bit of data as either a 1 or 0. The blocks are accessed and written to randomly, allowing SSDs to access any piece of data in flash instantly, unlike HDDs which must physically spin to the correct disk location (3). This is what gives SSDs their significant speed advantage.
However, NAND flash memory can only be written and erased a limited number of times before it wears out. To account for this, SSD controllers use techniques like wear leveling to distribute writes across all blocks evenly. They also designate extra capacity as spare area to replace worn out cells (1).
File Deletion Process on SSDs
When a file is deleted on an SSD, the reference to that file in the file table is removed, but the actual data remains in the memory blocks. This is different from traditional hard disk drives (HDDs) where deleting a file removes the physical sectors that stored the data, making recovery very difficult.
SSDs have a file system that uses a file table to keep track of where files are located in the drive’s memory blocks. When you delete a file, the SSD’s controller simply removes that file’s entry from the table. The data itself remains intact in the flash memory blocks until those blocks are reused for new data.
This is why deleted files can often be recovered from SSDs using data recovery software, as long as the original data blocks have not been overwritten. The data recovery software scans the drive and looks for files that still have intact data blocks but no file table reference.
In summary, on an SSD the act of deleting a file does not touch the actual data – it only removes the SSD’s awareness of where that data exists. The original data persists until replaced by new data写入.
Sources:
[1] https://www.stellarinfo.co.in/kb/what-happens-when-files-are-accidentally-deleted-from-ssd.php
Garbage Collection
Garbage collection is an important process that occurs on SSDs to help optimize performance. The SSD controller chip handles garbage collection. It works by reclaiming unused memory blocks that contain deleted data so they can be reused for future writes 1.
When a file is deleted on an SSD, its data is not immediately erased. The reference to that data is simply removed from the file system index. The actual data remains in the flash memory blocks. This allows for quick “undelete” functions. However, it means there can be a buildup of blocks containing invalid data that are no longer accessible but still take up space.
The garbage collection process wipes these blocks clean by erasing the old data. This makes the blocks available again to store new data in the future. Aggressive garbage collection is crucial for maintaining the high performance that SSDs are known for. It ensures there are always free, wiped blocks ready to be written to 2.
Trim Command
The Trim command plays an important role in the SSD file deletion process. As explained on the TechTarget website, “The SSD TRIM command simply marks the invalid data and tells the SSD to ignore it during the garbage collection process. The SSD then has fewer pages to move around.”
Essentially, the Trim command informs the SSD about which blocks of data are no longer needed because they contain deleted files. This allows the garbage collection process to specifically target those blocks for erasing and reuse, rather than having to go through all blocks indiscriminately. As Crucial’s website states, “The Trim command tells the SSD that specific areas contain data that is no longer in use. From the user’s perspective, this data has been deleted from a file or folder.”
By enabling the SSD controller to focus only on blocks with deleted data during garbage collection, the Trim command improves efficiency and performance.
Data Persistence on SSDs
Unlike traditional hard disk drives (HDDs), deleted data on solid state drives (SSDs) generally remains recoverable until it is overwritten by new data or wiped by the garbage collection process. This is because SSDs handle deletions by simply marking data blocks as invalid in the file table, without actually erasing the underlying data right away. So until those blocks get recycled and rewritten, forensic data recovery is often possible.
However, full drive encryption such as BitLocker can prevent recovery of deleted files on SSDs. The encryption protects data remnants from being accessed without the proper key. Additionally, the TRIM command sends an instruction to promptly erase deleted blocks, reducing the window for recovery. So while basic file deletion on SSDs doesn’t immediately destroy data, the use of encryption and TRIM commands can severely limit recoverability.
Secure Deletion Methods
Securely deleting files on an SSD requires overwriting data multiple times, which makes recovery difficult or impossible. Tools like ATA Secure Erase and NVMe Secure Erase can wipe all unused blocks on an SSD drive by issuing firmware commands.
These built-in SSD erase tools overwrite all data on the drive by replacing content with binary 1s and 0s. Performing multiple pass overwrite operations hinders data recovery, providing a more secure deletion than standard delete commands. The process fully resets the SSD to factory settings.
For individual files and folders, overwriting the data 7-35 times meets U.S. government data sanitation standards. However, SSD architecture makes selectively targeting specific files for secure deletion difficult compared to traditional hard drives.
Comparison to HDDs
One of the biggest differences between SSDs and HDDs in how file deletion works comes down to the underlying technology. HDDs are mechanical drives that store data on magnetic platters. SSDs are solid state with no moving parts and use flash memory chips to store data.
On a traditional HDD, when you delete a file, the reference to that file is removed from the file system index. However, the actual data still remains magnetically imprinted on the platters. The space occupied by the deleted file is marked as available in the file table, so it can be overwritten in the future. Until that overwrite happens, the deleted file can often be recovered using data recovery tools.
With SSDs, when a file is deleted, the reference is immediately removed from the index and the space is marked as available. The flash memory cells can be erased and rewritten right away. So unlike HDDs, the original data is not still magnetically stored and waiting to be overwritten. This makes recovery of deleted files much more difficult, if not impossible on SSDs.
In summary, file deletion happens immediately on SSDs, while on HDDs the actual data remains and recovery is possible. The underlying solid state versus magnetic technologies result in very different file deletion behaviors.
Best Practices
When it comes to securely deleting files on an SSD, there are some best practices you should follow:
First, encrypt your SSD drive whenever possible. By enabling drive encryption such as BitLocker on Windows or FileVault on Mac, you add an extra layer of security that makes it much more difficult for deleted files to be recovered. Even if deleted data persists in unused blocks, the encryption will render the data unreadable without the proper encryption key. Just be sure not to lose your encryption key, or the data will be lost forever.
Second, for sensitive files that you want to make sure are securely deleted, overwrite the data before deletion. You can use secure deletion software that overwrites files multiple times to make recovery impossible. By overwriting a file before deletion, you ensure no trace of the original data persists. This is especially important for sensitive documents like tax records that contain personal information.
Following best practices like encryption and overwriting for secure deletion will give you confidence that your deleted files are truly gone from an SSD, unrecoverable to anyone attempting data recovery.
Conclusion
In summary, there are some key differences in how file deletion works on solid state drives compared to traditional hard disk drives. When a file is deleted on an SSD, the operating system simply marks the file’s data blocks as free space available for future writes. The data itself remains intact in the flash memory until the SSD controller runs a garbage collection process to permanently wipe those blocks. This makes file deletion very fast on SSDs, but it also means deleted data can persist for some time afterwards if it hasn’t been overwritten. Securely wiping an SSD requires overwriting the data blocks multiple times or using the TRIM command to notify the SSD controller to permanently erase data marked for deletion. SSDs store data very differently than HDDs, so file deletion is much faster but less immediately secure on solid state drives. Following best practices like encryption can help mitigate this difference.
