Files on magnetic hard drives remain on the drive even after they are deleted, so they can be recovered later with forensic tools. Sometimes SSDs work the same way, but under other conditions they erase this latent data in a "garbage collection" process. Understanding when and how this happens is important to forensic investigators and people who handle confidential data.
I'll explain the purpose of garbage collection, and how it is affected by the operating system, SSD model, BIOS settings, TRIM, and drive format. I'll demonstrate SSD data evaporation on a MacBook Air and a Windows system, using my "evap" tool (available for everyone to use) that makes it easy to test SSDs for data evaporation.
Sam Bowne (@sambowne) has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEF CON, BayThreat, LayerOne, Toorcon, and lightning talks at HOPE on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences. He has a PhD and a lot of industry certifications, but still no CISSP.