Erasing a file or partition on an SSD or flash drive "reasonably" securely
There is a lot of information online and on this forum indicating that it is difficult to securely erase SSD or flash drives. Normally, the expectation would be that data is erased by overwriting it, for example using linux commands like:
"shred -n 1 filename.txt" (to erase a file)
or
"dd if=/dev/zero of=/dev/sda1" (to erase an entire partition)
A reason that this does not necessarily delete the data on SSD or flash drives is that a wear leveling algorithm will allocate a new physical storage location in the memory chip to the logical disk location, and write to the new physical location. The original data in the old physical location remains intact on the memory chip. Therefore, it would be possible to recover the data from the old physical location despite that it has been "overwritten".
My question is how likely this scenario is. Is it, (a), possible to read data on an SSD or flash drive that was "overwritten", as specified above, simply by plugging the drive into a computer and issuing commands to it? I.e., can the "overwritten" data be read using recovery software? Or, (b), does recovering data that has been "overwritten" require disassembly of the device and perhaps de-soldering of memory chips in order to read them on a test bench?
Without knowing much about SSD or flash drive controllers, my expectation would be that the controller would prevent reading from a physical location on the chip that has been deallocated. And hence that only a hardware based method as in (b) could recover the data. If this is the case, for many practical purposes "overwriting" the files may be sufficiently secure. On the other hand, if data can still be recovered using software as in (a), the security issues with "overwritten" files could be much more significant.
