ssd - weakish/cheat GitHub Wiki

Ext4

Add noatime option in /etc/fstab.

Sanitization

SSDs maintain a layer of indirection between the logical addresses used by computer systems to access data and the internal addresses that identify physical storage. This layer of indirection hides idiosyncratic media interfaces and enhances SSD performance, reliability, and lifespan. But it can also produce copies of the data that are invisible to the user and that a sophisticated attacker could recover.

For sanitizing entire disks, sanitize commands built into the SSD hardware have been found to be effective, but manufacturers sometimes implement them incorrectly. On Linux, you can use hdparm to send ATA command, e.g. 'Security Erase Unit'.

Overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive.

In testing, none of the software techniques were effective for sanitizing individual files. These included well-known algorithms such as the Gutmann method, US DoD 5220.22-M, RCMP TSSIT OPS-II, Schneier 7 Pass, and Mac OS X Secure Erase Trash.

Reference

• Michael Wei, Laura M. Grupp, Frederick E. Spada, Steven Swanson (February 2011). "Reliably Erasing Data From Flash-Based Solid State Drives"