How can I tell if my SSD is really secure erased, with a huge $BadClus file on it?

Question

Backstory: almost a year ago, I bought a Silicon Power Ace A56 256GB SATA SP256GBSS3A56B25. After 4 months, it suddenly went into Satafirm S11 mode, which meant I couldn't boot a system from it, computers didn't see it, and it displayed as Satafirm S11 in BIOS. Eventually, using software from the manufacturer website, I managed to sort of fix it - it got normal again, it's recognized by Windows, I can move files there, etc. But all my data was lost as a result, or at least rendered inaccessible.

But according to some info from the internet, this satafirm thing can easily happen again, any time, because the microcontroller of this SSD type makes it so. And I really can't install the system back on it and keep using it, risking to lose the data again and having to fix it again. Which is why I want to return it and have a refund.

But to do it, I need to do a secure erase. That's because I'm not sure that the data is actually lost, maybe it's there, quite easy to access, my passwords and whatever else was there, and I just don't have the right tech skills to do it. I can't do the erase with SP Toolbox, the manufacturer's software, because for some reason it ignores my SSD and just doesn't see it. I used EaseUS Partition Master to wipe it a couple of times, and even filled the disk to capacity with big video files to overwrite the previous data, but that was before I learned that it's useless (?) with SSDs due to the way they work, and actually kinda bad for them. Not that I care very much about the disk's health any more, since I want to get rid of it, but still.

Then I used Recuva to check if there is anything left on the SSD. Recuva keeps finding the same 32 files, 8 of which are listed as unrecoverable, and one of the others that are just 'not deleted' is $BadClus with the size of 250Gb, almost the exact size of the disk. I read many threads about it, but still don't understand - what does this mean? How can this BadClus be so big and, more importantly, can my data, like passwords, be recovered from it? What happens if I try to recover it? And what do other 'not deleted' files mean, what can be retrieved from them (I'm attaching a Recuva screenshot)? Maybe there is a way to delete them all without recovering? Is my SSD erased securely enough after all or not? If not, what can I do to erase it completely?

Thanks in advance.

Answer 1

Is my SSD erased securely enough after all or not? If not, what can I do to erase it completely?

You cannot tell, unfortunately.

Do not rely on Secure Erase with SSDs. Any erasing and overwriting strategy will only affect the sectors that the firmware of the SSD shows to the computer. The visible pool of sectors that is visible outside (p.e. by duplicating the SSD sector-wise) is only a part of the total internal pool of sectors.

What happens to the remaining sectors of the SSD that are not visible outside during Safe Erase is a black box.

Legacy rotating HDDs show sector replacements in their SMART data. That shows you the extent of unaccessible storage and the amount of data a possible attacker could recover. A sector replacement in a rotating HDD is caused by a failure.

In a SSD however, the replacement of sectors (or whatever the internal administrative unit really is) is not a bug - it is a feature!

Sectors, blocks get remapped on a regular basis depending on their use. Therefore the dimension of inaccessible storage space that might carry sensitive information is much higher.

Phyiscall destroy your storage, HDDs included if you have doubts unless you were using software encryption right from the beginning of use. Hardware encryption is dubious and not something to rely on.

Answer 2

Then I used Recuva to check if there is anything left on the SSD. Recuva keeps finding the same 32 files, 8 of which are listed as unrecoverable, and one of the others that are just 'not deleted' is $BadClus with the size of 250Gb, almost the exact size of the disk.

These are all NTFS file system files. Some sizes are 'meaningless', for example $Badclus is a 'sparse file' and the size of the entire volume. The files you currently see and that are discovered by Recuva are written to the drive after the SATFIRM repair.

To see if data remains, the screenshot if meaningless, you'd typically use a disk editor and quickly glance over the 'surface'. Apart from the NTFS system files you should see nothing than zeros.

The tool you used to take care of the SATAFIRM issue wiped the firmware level translator (FTL). A data recovery lab may still be able to to get the data, assuming the drive isn't "self encrypting" (SED) and encryption key wasn't 'reset'. It also depends on exact SSD model and whether that's supported by the PC3000 data recovery tool.

Use manufacturer Secure Erase tool to make all data unrecoverable.

BTW, SATAFIRM is a protective state/mode the Phison firmware switched itself into because it ran into a problem. A sort of 'panic' or 'safe' mode.

Answer 3

If not, what can I do to erase it completely?

Considering the nowadays price of a 256GB SSD (15$?) I'd simply consider the physical destruction.

You could use an angle grinder, but it's a bit risky ;-)

Any hammer will do; simply break the plastic case, then make powder from the electronic chips - or tiny parts.

Nobody will ever be able to reconstitute any data from this.

Of course, pay attention to your fingers and eyes, dispose this trash with respect of the environment. And more disclaimers...