Investigation of Data Deletion Vulnerabilities in NAND Flash Memory Based Storage

Abstract: Semiconductor NAND Flash based memory technology dominates the electronic Non-Volatile storage media market. Though NAND Flash offers superior performance and reliability over conventional magnetic HDDs, yet it suffers from certain data-security vulnerabilities. Such vulnerabilities can expose sensitive information stored on the media to security risks. It is thus necessary to study in detail the fundamental reasons behind data-security vulnerabilities of NAND Flash for use in critical applications. In this paper, the problem of unreliable data-deletion/sanitization in commercial NAND Flash media is investigated along with the fundamental reasons leading to such vulnerabilities. Exhaustive software based data recovery experiments (multiple iterations) has been carried out on commercial NAND Flash storage media (8 GB and 16 GB) for different types of filesystems (NTFS and FAT) and OS specific delete/Erase instructions. 100 % data recovery is obtained for windows and linux based delete/Erase commands. Inverse effect of performance enhancement techniques like wear levelling, bad block management etc. is also observed with the help of software based recovery experiments.