Can wiped SSD data be recovered?

Yes. If you do a normal format, the old data can be recovered. A normal format only deletes/overwrites a tiny bit of filesystem metadata, but does not overwrite all of the data itself. The data is still there. This is especially true on SSDs, due to wear levelling and other features of SSDs.

The following research paper studies erasure of data on SSDs:

  • Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson. Reliably Erasing Data From Flash-Based Solid State Drives. USENIX Conference on File and Storage Technologies, 2011.

One takeaway lesson is that securely erasing data on a SSD is a bit tricky. One reason is that overwriting data on a SSD doesn't work the way you'd think it does, due to wear-leveling and other features. When you ask the SSD to "overwrite" an existing sector, it doesn't actually overwrite or delete the existing data immediately. Instead, it writes the new data somewhere else and just change a pointer to point to the new version (leaving the old version laying around). The old version may eventually get erased, or it may not. As a result, even data you think you have erased, may still be present and accessible on the SSD.

Also, SSDs are a bit tricky to sanitize (erase completely), because the methods that used to work for magnetic HDDs don't necessarily work reliably on SSDs (due to the aforementioned wear levelling and other issues). Consequently, utilities that are advertised as providing "secure drive erase" functionality may not be fully secure, if applied to a SSD. For instance, the FAST paper found that, in most cases, performing a full overwrite of all of the data on the SSD twice was enough to sanitize the disk drive, but there were a few exceptional cases where some of the data still remained present. There may be other reasons not to want to perform repeated overwrites of the full drive: it is very slow, and it may reduce the subsequent lifetime of the drive.

The FAST paper also found that degaussing (a standard method used for sanitizing magnetic hard drives) is not effective at all at sanitizing SSDs.

Moreover, the FAST paper found that standard utilities for sanitizing individual files were highly unreliable on SSDs: often a large fraction of the data remained present somewhere on the drive. Therefore, you should assume there is no reliable way to securely erase individual files on a SSD; you need to sanitize the whole drive, as an entire unit.

The most reliable way to securely erase an entire SSD is to use the ATA Secure Erase command. However, this is not foolproof. The FAST paper found that most SSDs implement this correctly, but not all. In particular, 8 of the 12 SSDs they studied supported ATA Secure Erase, and 4 did not. Of the 8 that did support it, 3 had a buggy implementation. 1 buggy implementation was really bad: it reported success, but actually left the data laying around. This is atrociously bad, because there is no way that software could detect the failure to erase. 2 buggy implementations failed and left old data laying around (under certain conditions), but at least they reported failure, so if the software that sends the ATA Secure Erase command checks the result code, at least the failure could be detected.

The other possible approach is to use full disk encryption: make sure the entire filesystem on the drive is encrypted from the start (e.g., Bitlocker, Truecrypt). When you want to sanitize the drive, forget all the crypto keys and securely erase them, and then erase the drive as best as possible. This may be a workable solution, though personally I would probably want to combine it with ATA Secure Erase, too, for best security.

See also the following questions on this site:

  • Is it enough to only wipe a flash drive once?

  • SSD (Flash Memory) security when data is encrypted in place

  • How can files be deleted in a HIPAA-compliant way?

  • Have anyone tried to extract the encryption key from a SSD?


I'd like to refer to this video. It explains how data can be recovered from HDDs using thresholds. Which includes that the given signal-level returned from a HDD ain't only based on the current content, but also on what was previously there. By changing the 'accuracy' of the signal-detection you can find what was previously there. However this is of course just theory, in practice this is almost never done. View other post.

It also explains why erasing data on flash-drives/SSDs ain't that secure as you might think. Because when you delete data on a SSD, the micro-controller in that SSD doesn't delete/overwrite those blocks containing that data instantly, but put them on a 'delete in future'-list.

Also, to lengthen the lifetime of SSDs, they make use of wear leveling. Which means that when overwriting a specific block, the micro-controller remaps the blocks, and make a new block which points to the old unmarked one. Note that writing to all free space will defeat wear-leveling because then the micro-controller doesn't have blocks left to remap.

However, note that if you want to make sure data is not recoverable. Encrypting the drive and dropping the key (deleting from drive/not storing anywhere) will also be an extra level of security. Unless they're able to crack your key of course.


Encrypted data cannot be decrypted unless you use the hash key or password, but it is an offence to withhold the key when ordered to reveal it by a court.

Also, securely shredding may get rid of the content, but links, search terms and temp files can remain elsewhere, which can point to illegal actions that can get you charged by the Police if they have reason to search your life or activity. At the least you might lose all of your digital hardware while they carry out forensic tests, and you might forfeit it permanently if the courts find you guilty of anything.

If the information is really that sensitive, or if you are paranoid, you should physically destroy all of the drives in the machine and fit new ones. And be aware of cloud backups, and IP providers who log search terms...