TRIM’s catch – Data recovery impossible!

One of the biggest improvements most manufacturers have added to their latest generation of SSDs is TRIM support.  Of course, there’s a catch, when a file is deleted on a TRIM-enabled SSD, it’s gone for good!  Recovery and undeletion tools will not get them back.

Unlike HDDs where old data can simply be overwritten, with SSDs, blocks containing old deleted data must be erased before new data can be written to them, which takes a considerable amount of time.  With TRIM, when a file is deleted, Windows 7 (which has TRIM support) issues the ATA command to wipe the blocks previously used by the file.

As solid-state drives began to catch on, and Intel was quickly becoming known as a God-like controller developer, a major flaw was discovered… speed degradation. At first, it was believed that only Intel’s drives were at risk, but it turns out that pretty much every model on the market shared the same inherent issue.

Almost all of the storage devices we use on a regular basis handle files we delete similarly. Once a file is deleted, the link to that data, stored in the storage device’s indexer (normally the LBA for mechanical drives) is simply wiped clean. As a real-world comparison, imagine having a paper index of all of the movies in your collection, but you burn it up. The indexer would essentially be gone, but your movies haven’t moved. It’s the same situation with data storage.

Because the data is left in tact, data recovery is possible – at least, until that exact block is overwritten with fresh data. Anyone who’s accidentally deleted a file and later recovered it with a recovery tool can probably appreciate this sort of fail-safe. When SSD’s came along, this method of handling data didn’t change, but what did change was the speed that the process could complete.

Read the full article at Techgage, which includes a few real-world demos.

As the Techrage demonstrates, before switching to a TRIM-enabled SSD, one really needs to plan a backup and carry it out regularly.  Once files are deleted with the recycle bin emptied, it’s the equivalent to putting physical documents in a cross-cut shredder.  There’s no way of getting it back, unless there’s another copy of it laying around.

As SSDs need just some “ready-to-use” free space to maintain its like-new fast write-performance, maybe a good idea for SSD manufacturers would be to implement some sort of grace period before wiping the blocks.  For example, there are two ways this could be done:  1 – Build a table of the blocks to wipe and wipe them after a 24h (or user-specified) period.  2 – Build a table of blocks to wipe and once 80% of the blocks are filled, start wiping the oldest blocks marked for wiping.  This would at at least allow emergency data recovery of recent files.