Then give the SSD controller the Security Erase Enhanced command, which nwipe does NOT currently support, but can be done with HDPARM in the interim. There's extra capacity on there that you will never have access to from nwipe. The problem with that approach is that you don't have access to the entire 'device' or, to be more specific, the storage backend. One security method is to write random data to the entire device (low likelihood of repeated data in a block which would allow shared mapping), which nwipe currently supports. That's news to me: I wasn't aware of SSDs doing data replication.Įarlier data from those re-mapped blocks still exists and technically could be forensically read (but not with normal reads). To summarize the earlier discussion, SSD controllers recognize data patterns, such as all zeros, and map all blocks containing zeros to a single block that really contains zeros.