SSDs have four main areas where data is stored:
See the image above for an example.
When you delete data using an erasure software (i.e. overwriting all LBAs), the software will only overwrite active data. It does not touch any spare blocks, retired blocks and/or system area blocks, which means that data located in these sections will remain intact.
Please note that overwriting multiple times may force the SSD to overwrite all the spare blocks (i.e. spare blocks become active blocks, and vice versa), but that is not 100% guaranteed. As a user, you have no control over which spare blocks are used so there is a risk the data may still be saved in the SSD.
When using the Secure Erase command, it should overwrite all the areas, with the exception of the System Area – however bear in mind that the implementation of this command is up to the manufacturer. Most of the newer SSDs would perform this properly; however some older models may miss spare blocks and/or may not touch retired blocks, so potentially parts of your data could remain in the SSD.
The Security Freeze Lock is a command that sets the SSD to Frozen mode. After completion of this command, any other commands that update the device Lock mode (such as Security Erase Unit) are rejected. Frozen mode can only then be disabled by powering-off or by a hardware reset.
When a locked SSD is temporarily unlocked, the Secure Erase Unit command may be unavailable until the SSD is repowered. This is designed to prevent unauthorised changes to the password on the unlocked drive by malicious software (e.g. a virus).
Repowering a drive typically removes the freeze lock, but that can be quite difficult to do, for example when the drive is inside a laptop. Security commands like Freeze Lock are normally sent to the SSD by the computer’s BIOS but these commands can also be sent via software.
More about:
Data Deletion, Destruction and Erasure Solutions