When a file is deleted it isn't truly deleted until the page on the SSD is overwritten, how can I make sure my sensitive files are permanently deleted and cannot be recovered?
I know I could potentially create dummy data and copy that throughout the entire drive until it's full (therefore erasing the pages of sensitive files on the SSD), but is there any easy way to do this?
SSDs are different from regular HDDs, primarily because they use different technologies to record data. An HDD is a spinning platter that writes with a moving mechanical arm. An SSD is more akin to a flash memory stick, storing information in cells. To write new data to a cell, the drive must first erase existing data. This makes it harder, if not impossible to fully delete a file once it's written in the SSD.
Secure Erase methods should "theoretically" delete all the data from a drive on the first pass. But as several studies have shown, poorly-implemented or buggy Secure Erase versions can result in lingering data. This data is recoverable. The best method is to complete at least two full Secure Erase processes to ensure that every SSD cell is completely clear.
A group of engineers at the University of California studied how difficult it is to erase data from an SSD. Trying to securely erase a single file left behind anywhere from 4 to 75% of the information. And it’s tough on the drive.
Solution?
What you can do is make sure you encrypt your SSD, and make sure that you’ve got an SSD drive with TRIM capability.
Data in the SSD is constantly moved. This is what makes it so hard to fully delete a once-written file. But... Thankfully the TRIM command is designed to solve such a conundrum by marking blocks of data the drive no longer considers in use to be wiped internally. Simply put, your discarded data will eventually vanish into thin nothing and be irretrievable, but only your drive really knows when that will be.
Always, make sure to use the manufacturer's software.
SSD consists of NAND memory and the controller. Controller speaks SATA protocol and smart enough to spread your data over blocks (search for "wear leveling").
Only controller knows where is your data exactly, so simply writing nulls to the same address would not help.
Instead, you need to ask controller to erase everything. There is a special command in SATA protocol called "Secure Erase" (https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security)
Use your SSD vendor software (like "Magican" for Samsung) to launch this command.
If you don't want to rely on the OS drivers' use of TRIM, there are two commands that are available on Linux (and perhaps elsewhere) to invoke the TRIM internal function on SSDs.
fstrim(8) discards all unused blocks in a mounted filesystem, possibly constrained to a region you specify.
blkdiscard(8) discards (and effectively erases) all blocks (or a specified region) of an entire drive.
I can imagine using this on SSDs that are only inserted occasionally, and could miss the usual scheduled TRIM operations of modern OSes, or on SSDs that you are about to recycle or donate.
