![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Prevent RMA-ing a dead SSD with sensitive data
- Thread starter Expansion
- Start date
drescherjm
[H]F Junkie
- Joined
- Nov 19, 2008
- Messages
- 14,937
This.
Trepidati0n
[H]F Junkie
- Joined
- Oct 26, 2004
- Messages
- 9,270
If you are working with such sensitive materials that if somebody saw it, it would results in severe damage to the company/person...YOU DON'T RMA.
notarat
2[H]4U
- Joined
- Mar 28, 2010
- Messages
- 2,433
I use two drives, 50% of the size I need and I run them in RAID 0.
If a drive dies, there's no complete data since it was all striped between two drives.
I still do backups so I have it if "I" need it.
Old Hippie
Supreme [H]ardness
- Joined
- Oct 31, 2005
- Messages
- 6,013
+1
I seriously doubt the techs doing RMAs have the time or inclination to recover any data.
drescherjm
[H]F Junkie
- Joined
- Nov 19, 2008
- Messages
- 14,937
Still if your sensitive file is less than the stripe size (64K, 128K, 256K ...) a complete file may be on a single drive of the raid.
they are hoping to hit a good porn stash?
brutalizer
[H]ard|Gawd
- Joined
- Oct 23, 2010
- Messages
- 1,600
Sometimes I have read that a buyer gets a new computer, but it turns out that the computer is refurbished and the install is from the earlier customer. So the buyer can see family photos, etc.
Maybe your disk will be sold to another person. Maybe your disk will not be erased, by mistake (forgetting). etc
If you have valuable data and can not take this risk, break it and buy a new.
Maybe your disk will be sold to another person. Maybe your disk will not be erased, by mistake (forgetting). etc
If you have valuable data and can not take this risk, break it and buy a new.
TerraPhantm
Gawd
- Joined
- May 7, 2006
- Messages
- 687
How sensitive is the data? If it's such that'll cost you a loss of more than what the SSD is worth, then don't send it in...
Angry_Birds
Weaksauce
- Joined
- Aug 16, 2011
- Messages
- 67
I don't want to sound snippy at all, but if you're asking a question like this I really doubt the data on the drive is THAT valuable.
Old Hippie
Supreme [H]ardness
- Joined
- Oct 31, 2005
- Messages
- 6,013
IMHO the media has many people much more paranoid than they need to be.
While it's possible for these RMA centers to harvest data I'm sure the over-worked, under-paid employees don't bother to even check if the drive's empty or not.
aitoribarra
Weaksauce
- Joined
- Sep 16, 2009
- Messages
- 92
I'm inclined to agree, but then I'm also inclined to think that the same penny-pinching drive manufacturers, who will view the whole warranty/RMA thing as just a cost that they would like to get as low as possible, will also consider the saving on electricity etc they can make by not bothering to run a full erase... with SSDs I guess this is less of a problem, as they can be wiped extremely quickly.
Maybe this is wishful thinking, but there should be an industry standard or even a law for this sort of thing. Any refurbed drive should be guaranteed to be clean of old data.
drescherjm
[H]F Junkie
- Joined
- Nov 19, 2008
- Messages
- 14,937
I have never ever seen any data on a hard drive that I received via RMA (out of 75+ at work). The partition tables are always wiped / zeroed. However I have never tried to undelete them or used any recovery tools.
Last edited:
It is very difficult to recover data from SSDs, period. It's just the way they work. You can't count on recovering much of anything if a file has been deleted. I assume that it holds true if the drive's FW is factory reflashed, as I believe that most factory reflashes are destructive in nature. Milliseconds after data becomes invalidated on an SSD it starts getting erased. I believe that newer drives are more slack in this regard due to trim (some Indilinx FW was/is really, really aggressive at GC). If you were to delete the drive's partition, then immediately unplug the drive most of the data would still be there. But you'd have to desolder the NAND from the PCB and make your own FTL layer to retrieve it. If the drive were to have power for very short periods of time it would render most of the data completely irrecoverable and fragmented.
So I would gauge how "private" the data is and how much damage it would do if it got out. But I also believe that it's highly unlikely that a drive could be fixed without wiping the drive as well. Firmware updates are non-destructive as they update the FW in place. What they do at an RMA center is probably throw the drive in a commercial machine that destructively flashes the FW, doing a factory re-burn in. Most of the RMAs for SSDs are caused by FW problems, so they probably just put it in a device that either wipes the data as part of the process, or intentionally SEs the drive for distribution. I'd say that unless you were looking at 25 years jail time for the drive's contents, you're probably safe from an RMA. I think it's highly unlikely that an RMAd drive will end up in an actual system in front of a tech. Rather, one guy probably straps 10 drives at a time into a diagnostic bay or something.
Encryption doesn't slow down the drive per se; unless it's SandForce, then it's always running at incompressible speeds. But FDE will use every LBA, so the drive will be running just on spare area. Most drives' encryption is pretty good though.
So I would gauge how "private" the data is and how much damage it would do if it got out. But I also believe that it's highly unlikely that a drive could be fixed without wiping the drive as well. Firmware updates are non-destructive as they update the FW in place. What they do at an RMA center is probably throw the drive in a commercial machine that destructively flashes the FW, doing a factory re-burn in. Most of the RMAs for SSDs are caused by FW problems, so they probably just put it in a device that either wipes the data as part of the process, or intentionally SEs the drive for distribution. I'd say that unless you were looking at 25 years jail time for the drive's contents, you're probably safe from an RMA. I think it's highly unlikely that an RMAd drive will end up in an actual system in front of a tech. Rather, one guy probably straps 10 drives at a time into a diagnostic bay or something.
Encryption doesn't slow down the drive per se; unless it's SandForce, then it's always running at incompressible speeds. But FDE will use every LBA, so the drive will be running just on spare area. Most drives' encryption is pretty good though.
If RMA technicians had to hook every drive up to a desktop PC individually, they'd never get anything done. Also, if the RMA center had access to customer data, it would actually expose them to quite a bit of liability -- after all, if you were to RMA a drive that could implicate your involvement in a serious crime, and the RMA center personnel had access to it and knowledge of, but didn't do anything, the company could be liable at least on a civil basis. Either way, it's good to not just assume that your data is irrecoverable, but it could only be recovered under very specific circumstances. After all, most data on the drive is really spread out over every NAND device where possible. So a larger file might exist in 16 to 64 or more pieces -- though if there was one place where it could be recovered, it's the factory. If it were easy to do, they could make a good chunk of money just recovering data from dead drives for a lot more money than the drive cost in the first place. But they don't, because it's difficult and time consuming. It's hard enough on a HDD, but far more difficult on an SSD. Recovering data from an SSD is nothing like a HDD (because of the dynamic nature of the SSD itself, most notable wear leveling and garbage collection). HDDs are fairly easy to recover data from if it's not been physically damaged or securely/sanitary erasure.
If you were to delete some files on an SSD, you'd have almost no time to recover them. Most of the time all that's left are some fragments that may exist in a couple different places -- but just fragments. There are a couple of interesting papers on forensic data recovery that were linked here. They're well worth a read.
If you were to delete some files on an SSD, you'd have almost no time to recover them. Most of the time all that's left are some fragments that may exist in a couple different places -- but just fragments. There are a couple of interesting papers on forensic data recovery that were linked here. They're well worth a read.
Acer_Sheep
[H]ard|Gawd
- Joined
- May 18, 2007
- Messages
- 1,201
When you RMA your drive, no one will be looking at your data, even the drive if it is dead already can't be repaired so I assume they just test it out with their specialised software and if it not pass it is basically thrown out and you get replacement. Nothing to worry about.
I don't think you have anything to worry about, but I wouldn't risk jail time or even getting fired. Unless maybe it's a really, really expensive SSD.
Or a SandForce. The chances of getting data recovered from a SF are pretty much nil. Even if you wanted to, much less if you were just RMAing the drive. Most data recovery centers can't recover data from SF drives that aren't working, and it the drive was working you wouldn't need to recover the data.
Or a SandForce. The chances of getting data recovered from a SF are pretty much nil. Even if you wanted to, much less if you were just RMAing the drive. Most data recovery centers can't recover data from SF drives that aren't working, and it the drive was working you wouldn't need to recover the data.
Last edited:
lol. XD
haha made my day. Just came from what should've been 5 minutes in walmart, turned out to be 1 hour+.