HDD GURU FORUMS :: View topic - Reading residual dataa from SSD reallocated sectors (blocks)

My understanding - and this is an issue ACE have addressed a couple of times : technically yes on a nand level those blocks are available and for forensic purposes may be useful but you're not going to get at them via the standard controller. Encryption being what it is from a data recovery point of view they have no value with the technology of today - but who knows what may be available in the future.

I know this is related to a usb drive https://youtu.be/MKC_Xl5sP6Y?t=4310 may help.

Author:	Shula [ February 23rd, 2021, 21:38 ]
Post subject:	Reading residual dataa from SSD reallocated sectors (blocks)
This question is driven by curiosity, however it originated from a security concern. SMART attribute #5 is a count of sectors that have been removed from the LBA due to unrecoverable errors and replaced by a spare, from what I gather this is mapped in what is called the G-list for growth/grown defects. For the remainder of this thread I will refer to reallocated sectors as blocks since it is more topic appropriate. I am still a newbie so please correct me on any mistakes or misunderstandings I have, it will only make me SMARTer (sorry about that but hey now you understand my experience level on this forum to make such a bold dead horse joke) The security concern was simple: Flash storage can fail in a read-only state. Highly sensitive data could potentially reside in failed blocks and so all SSDs with any value in SMART 5 are to be shredded. A little paranoid but fine. My question: Is there a method to find those reallocated blocks and read from them using available software? Can I view this G-list from the SATA interface either directly or by a work around? I am certain that if the answer is yes, it will be vendor specific. Please enlighten but a mere mortal with whatever wisdom you wish to unveil, o ancient ones...

Author:	pepe [ February 24th, 2021, 4:40 ]
Post subject:	Re: Reading residual dataa from SSD reallocated sectors (blo
I think this issue is pretty much FW dependant. Flash storage treats whole blocks as a unit of erase-rewrite cycles, so i suppose they mark them bad in block units. I also suppose it tries to erase them several times before marking bad, so there's little chance any data would be left in there. These are only guesses, i haven't done a deep research on the matter, as it is out of interest for data recovery, while it would take a lot of time and in the end we would have the result in one single device, kind of like a drop in the ocean. pepe

Author:	Lardman [ February 24th, 2021, 5:22 ]
Post subject:	Re: Reading residual dataa from SSD reallocated sectors (blo
My understanding - and this is an issue ACE have addressed a couple of times : technically yes on a nand level those blocks are available and for forensic purposes may be useful but you're not going to get at them via the standard controller. Encryption being what it is from a data recovery point of view they have no value with the technology of today - but who knows what may be available in the future. I know this is related to a usb drive https://youtu.be/MKC_Xl5sP6Y?t=4310 may help.

Author:	Shula [ February 24th, 2021, 12:30 ]
Post subject:	Re: Reading residual dataa from SSD reallocated sectors (blo
Lardman wrote: My understanding - and this is an issue ACE have addressed a couple of times : technically yes on a nand level those blocks are available and for forensic purposes may be useful but you're not going to get at them via the standard controller. Encryption being what it is from a data recovery point of view they have no value with the technology of today - but who knows what may be available in the future. I know this is related to a usb drive https://youtu.be/MKC_Xl5sP6Y?t=4310 may help. This was very helpful, thank you. Looks like its not going to be your average joe trying to access these reallocated blocks, which is a good thing. Unfortunately for my curiosity, it appears next steps are going to require more equipment and knowledge before I will get any kind of results.

Author:	HaQue [ March 17th, 2021, 10:03 ]
Post subject:	Re: Reading residual dataa from SSD reallocated sectors (blo
there are a lot of different ways data is stored on the NAND, so you may answer your question in one context, one one drive, and same answer may be irrelevant for a different drive. some drives encrypt, some don't (what use is a block of encrypted data?) some drives XOR data, some don't some drives XOR SA area, some don't some embedded systems, the OS keeps track of bad blocks. so you could read the NAND directly if you can't get the controller to show you those blocks, and this may or may not help, depending on the drive.

HDD GURU FORUMS http://forum.hddguru.com/

Reading residual dataa from SSD reallocated sectors (blocks) http://forum.hddguru.com/viewtopic.php?f=7&t=41006	Page 1 of 1

Page 1 of 1	All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/