The solution to all of this is full disc encryption. Without the password
the disc is full of random noise.

Yes, Windows comes with Bitlocker. I am curious to know what the CPU
overhead is for decrypting on the fly the encrypted data on said drive?


If you are concerned about the disc
falling into the wrong hands (on a laptop, or at disposal time) then FDE
will protect against that.

Is Bitlocker considered to be a FDE?


SSDs typically do FDE 'for free' - the raw flash
is encrypted, and a 'secure erase' is simply deleting the key from inside
the controller.

Thats interesting to know, why is FDE used on SSDs? I don't see it
advertised as a feature on the advertising blurb so it gives one the
impression that one needs to deploy FDE....

Deleting the key is not the same thing as securely erasing the key with
an overwrite so my question is can the "deleted" key be recovered?

Also SSD's use wear levelling so an overwrite may end up on a physically
different location on the flash NAND chips?


No angle grinders needed.

Theo