[liberationtech] secure wipe of flash memory

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21/07/12 18:02, Chris Ball wrote:
> Hi,
> 
> On Sat, Jul 21 2012, Michael Rogers wrote:
>> Does anyone on the list know whether flash controller chips use 
>> journalling? I'm guessing they might because YAFFS does.
> 
> I don't think so -- YAFFS is a filesystem, and the wear-leveling 
> algorithm on the controller only knows how to act on reads/writes 
> to individual blocks on the flash, so they're very different
> layers. The flash controller isn't a replacement for a filesystem;
> you still need to use one, and it may or may not be journaled.
> 
> (Although the independence between wear-leveling algorithm and 
> filesystem isn't total; there's evidence that the vendors teach 
> their firmware how to handle writes to the Windows FAT cleanly.)

Thanks for the information Chris. Perhaps journalling was the wrong
word for me to use - what I'm interested in is whether a forensic
investigator can (partially) reconstruct the order in which the
logical blocks of a flash device were updated. If so, TrueCrypt hidden
volumes could be exposed.

Each time YAFFS updates a logical block, it stores a numbered mapping
from the logical block to a physical block. The numbers reveal the
order of the updates. Do you know whether controller chips do
something similar?

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQFmmJAAoJEBEET9GfxSfMMi8H/RR3xRubP3+ld7E+JIwqhmfi
k1KE/lIHEKyJ7xlkGQzcCBG42TLcND+LlYQHk87QIyhnB/gFeIpEJUkLtBO3g+p8
aGCrAhYtRgTT+ULBN9EEQ2GdeSq6xL+JOd4l5xFLwtRgn/vDxvpjuN4FyPactDzK
02HFr867TO6BaVb+oVV1Q5EHjiv81O1fa6QHWY5yHIxN4sJDlxZQ+Mk/5Cnkvukd
Ik3iypqnCZODrABsgHfnQHgCGpB88zKIjuiANMpaeke0fUWt+2bpb1reeQlFG/lX
P1J2rqEs4Lsf/hDXIkOJARZmwlz7OsQgGK8VrOSiY9pkFhGp6kw9V/JLF+0fvlA=
=DrW7
-----END PGP SIGNATURE-----