brian easter tasc security certification services november 2013 new technology: solid state hard...
TRANSCRIPT
Brian EasterTASC Security Certification Services
November 2013
New Technology:Solid State Hard Drives,Considerations & Concerns
Solid State Drives – What they are, why we care
Advantages
Concerns
(SSD Test Video, time allowing)
Overview
2
You Can’t Manage Risks You Don’t Understand
Solid State Drives (SSD)
3
What are they?
Non-volatile Flash memory
No Moving Parts
Standard HD interface
Shock-resistant, silent, low power draw
Outperforming Hard Drives now, and still getting faster
SSD Power Draw, Other Factors
4
Other Attributes Solid State Drive Hard Disk Drive
Cost Expensive, $1.00 per gigabyte
Inexpensive, $0.10 per gigabyte
Capacity Typically not larger than 512GB
500GB – 2TB are common, larger drives available
Noise Silent Variable, but some noiseVibration None Some VibrationHeat Produced Very little More heat, a consideration
for laptopsFailure Rate
Mean time between failure rate of 2.0 million hours
Mean time between failure rate of 1.5 million hours
Affected by Magnetic Fields?
An SSD is safe from any effects of magnetism Magnets can erase data
SSD Speed
5
WD Caviar Black
HDIntel X25 SSD
SSD Speed – Potential
Super Talent – SSD Using PCIe Interface
Read SpeedsWD HD = .7 Gb/sIntel SSD = 1.9 Gb/sRAIDDrive = 19.2 Gb/s
DDR2 1066 SDRAM = 66 Gb/s
Hard Drive Formatting uses tracks, sectors
SSD formatting uses memory cells, pages, blocks
OS uses HD commands, Flash Controller translates
SSD Flash Controller Issues
7
Hard Drive
Operating System:“Write to Track X, Sector Y”
Flash Controller:“OK, I did it” but actuallywrites differently
SSD Flash Memory
Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery?
Graeme B. Bell, Richard Boddington, JDFSL
[SSDs] “can operate under their own volition in the absence of computer instructions. Such operations are highly destructive of traditionally recoverable data. This can contaminate evidence; can obfuscate and make validation of digital evidence reports difficult; can complicate the process of live and dead analysis recovery; and can complicate and frustrate the post recovery forensic analysis.
Our experimental findings demonstrate that SSDs have the capacity to destroy evidence catastrophically under their own volition, in the absence of specific instructions to do so from a computer.”
SSD Forensic problems
8
From the Research paper “Reliably Erasing Data From Flash-Based Solid State Drives”, Michael Wei, et. Al.
SSD Wiping problems
9
Single File Sanitization
Embrace the concept – SSDs are here to stay
Talk to your customers before moving to SSD
Make sure Purchasing and IT Staff coordinate SSD use with Security
So, What To Do?
10
