External Publication
Visit Post

Procedure for keeping sensitive data from ever touching my normal hard drive

Privacy Guides Community [Unofficial] June 25, 2026
Source
That is not true at all. Unlike HDDs, you can’t directly issue commands to the controller to write certain data at a certain location. Due to wear leveling, the logical addresses are arbitrarily remapped on thr physical address. So even if you try to overwrite the very same file stored on a specific location, what actually happens is just writing data on a different sector instead of overwriting, thus leaving the previous (unencrypted) data vulnerable to forensics. The only way to truly securely delete files in SSDs is to shred the entire SSD itself, wasting huge amounts of SSD lifespan. So it’s crucial to have the whole drive encrypted beforehand. That way, no plaintext data is ever written to the media in the first place(unless the system somehow bypasses on the fly encryption, which is very unlikely under proper configuration) nvme-cli is good, but that doesn’t bypass wear leveling and other firmware defined behaviors. I also recommend trying out ShredOS, which is specifically designed to sanitize data drives.

Discussion in the ATmosphere

Loading comments...