Andrew Frowen offers the following royalty-free article for you to publish online or in print. Feel free to use this article in your newsletter, website, ezine, blog, or forum. ----------- PUBLICATION GUIDELINES - You have permission to publish this article for free providing the "About the Author" box is included in its entirety. - Do not post/reprint this article in any site or publication that contains hate, violence, porn, warez, or supports illegal activity. - Do not use this article in violation of the US CAN-SPAM Act. If sent by email, this article must be delivered to opt-in subscribers only. - If you publish this article in a format that supports linking, please ensure that all URLs and email addresses are active links. - Please send a copy of the publication, or an email indicating the URL to [email protected] - Content Crooner (www.ContentCrooner.com) has distributed this article on behalf of the author. Content Crooner does not own this article, please respect the author's copyright and publication guidelines. If you do not agree to these terms, please do not use this article. ----------- Article Title: TRIM Technology: Faster For Users, Tougher For Computer Forensic Analysts Author: Andrew Frowen Category: Security, Information Technology Word Count: 573 Keywords: computer forensics, solid state drive, hard disk drive, data recovery, deletion, security Author's Email Address: [email protected] Article Source: http://www.contentcrooner.com ------------------ ARTICLE START ------------------
In recent years, a new way of storing data inside a computer has appeared and is growing in popularity. The Solid-State Drive (SSD) is a storage medium that uses 'solid state' technology to record data on its circuitry without the need for any moving parts. This makes it smaller, which is part of the reason it is the drive of choice for laptops such as the exceptionally thin and light Mac Air. A standard hard disk drive (HDD) works by storing data in binary (ones and zeros) in 'sectors' on rapidly rotating magnetized metal disk-shaped platters. As the platters rotate, a motorized arm moves a head in arcs across the platters, writing and reading the data as it goes. Because of their mechanical nature, hard disks are easily damaged. Overheating can warp the platters so that sectors become unreadable, while water, fire or a jolt or power surge can cause damage to the platters, actuators, motor or head, especially if the head comes into contact with the platter. In contrast, because an SSD has no moving parts, it is a less fragile form of data. In fact, it can endure high impact, high altitude, vibration and extremes of temperature often without any damage to the data. For a computer forensic expert attempting to recover data from a physically damaged device, therefore, an SSD might be more likely to contain readable information. Unlike HDDs, SSDs use cells to store data. Each cell allows data to be written using 'electron tunneling', where a charge is applied to create one of two binary states (zero or one) which is preserved even if the cell has no power. Most significant to the security expert, data recovery team or computer forensic analyst, however, is how data is deleted. When a user 'deletes' data, the relevant cells are marked as available in the operating system's memory, but the physical state of the cell (and therefore the data it holds) remains present. It is only when the operating system comes to write new data in that cell, that its state must first be reset to accommodate the new write. What this means for forensic analysts is that significant swathes of data could exist after being 'deleted' by the user, but for the user experience, the extra step slows the write process down. To address this problem, the TRIM command has been developed which allows an operating system to reset the physical state of cells that are not in use, rather than simply flagging them as available. This means if an operating system is running TRIM, delete really does mean delete; the physical state of the cell will be reset at the point of file deletion, making recovery impossible. Of course, this is not to say that other traces of the file might not exist elsewhere - for example, a thumbnail of an image might remain in the operating system's cache - but it does mean that anyone attempting to recover data from an SSD will face a greater challenge than before the advent of TRIM. At the time of writing, TRIM has been implemented in Windows 7 and Snow Leopard - the most recent operating systems installed as standard on PCs and Apple computers respectively, and so is likely to increasingly affect the work of computer forensic investigators in the coming months and years, particularly as the costs of producing high capacity SSDs falls, and popularity increases. IntaForensics a BS EN ISO 9001:2000 registered firm providing Computer Forensics, Expert Witness, Mobile Phone Forensics, and Forensic Data Recovery to the Legal Sector, Police Forces, Local Authorities and Commercial organisations internationally. Visit http://www.intaforensics.com. Distributed by http://www.ContentCrooner.com ------------------ ARTICLE END ------------------ [Non-text portions of this message have been removed]
