When hackers strike, they often delete or encrypt files and disappear, leaving organizations scrambling to recover critical data. But recovery is especially difficult on modern computers because solid-state drives (SSDs) – the primary storage technology in most devices – do not track when data is deleted. As a result, the files most needed after an attack are often permanently erased first, shrinking the already narrow window for recovery.
A Florida International University cybersecurity researcher has developed a way to change that.
Weidong Zhu has created a system that transforms an SSD into an active line of defense, significantly extending how long deleted data can be recovered after a cyberattack. Developed in collaboration with the University of Florida, the approach focuses on preserving the files most likely to be needed in the immediate aftermath of an attack.
File recovery relies on retrieving data before it is permanently overwritten. While this can sometimes be done on traditional storage systems, SSDs automatically clear deleted data through a process known as “garbage collection,” which frees space without regard for when files were removed. This means newly deleted, high-value data, such as files lost during a ransomware attack, can disappear first.
Zhu’s system addresses that flaw by reorganizing how SSDs handle deleted data. Instead of clearing files at random, the system prioritizes when data was deleted, allowing the drive to retain the most recent files, which are typically the ones most critical for recovery, for as long as possible.
“Our system extends recoverable data history up to 126 days,” said Zhu, an assistant professor at FIU’s Knight Foundation School of Computing & Information Sciences whose work is part of the Center for Integrated Security, Privacy, and Trustworthy AI (CIERTA). “Even if your computer is infected, your data can survive on your drive.”
The innovation taps into a growing area of cybersecurity research that treats hardware as a last line of defense. Because SSDs operate independently from the operating system, they can continue to protect data even if software defenses are compromised.
“Think of it like a vault inside a bank,” Zhu said. “The bank might get robbed, but if the vault has its own independent lock and its own security guard, the robbers can’t crack it just because they got past the front door.”
Until now, integrating security features directly into SSDs has been difficult because added protections require substantial computing resources that can slow performance, limiting practical use. Zhu’s system overcomes that challenge, improving the data protection window by at least 60% with minimal impact on speed.
“This is the problem we have solved, helping to clear the way for storage devices to become a major asset in the fight against hackers,” Zhu said.
Zhu is now in discussions with industry leaders about bringing the technology to market, a step that could help organizations better withstand increasingly sophisticated cyberattacks.
“Hackers are powerful,” Zhu said. “But the storage device itself can be the last line of defense for your data. This is a new area, and we are just beginning.”
