Apparently SSDs have been proving troublesome and are now being melted in a three stage thermite based process. (However I have a suspicion that change in protocol was more of an excuse to use thermite in 'the office', more so than an actual valid issue on security over the wood chipper.)

Eh? shoudn't SSD's be more secure in terms of wiping data, due to how data is erased on a SSD.

It is "not my department" so to speak, so I'm out of the loop on actual details. The impression I got from lunch time talks with one of the techs is that this one model, of which we bought a ton of, supported this fun in disk compression buffer. Before writing data it compared the next write to its buffer and looked for data blocks that could be quickly compressed/cloned to save space. This in turn gave the techs headaches when it came to their over writing protocol software as the drive kept looking at the incoming data and saying "Hey! I have a copy of that over here in the first 5% of the drive, I'll just point to this bit of already written data..." and then not actually forcing deletes on other parts of the drive that still contained potentially sensitive data.

And they didnt think of trying to switch from filling with zeros to filling with a stream of ever changing random numbers?

Here's my thoughts about the ghosting images:

The MW2 image turned out to be the same size (220x195) as a few dozen other non-family-photograph images that were mixed in with the real photographs.

I also found a Battlefield 3 cover-art image of about the same size.

They were probably cached on the card for some marketing purpose: Maybe as pre-installed wallpapers that came on the phone (weird resolution for a wallpaper though), maybe for some other reason. Perhaps they are the cover-art image for purchasing an app version of the game or something.

If the drive had hundreds of entries for files, but they got overwritten and all pointed at the same location (a single block of memory early on in the disk, for example - which might reinforce the idea that they were pre-installed for marketing reasons), PhotoRec could've ended up accidentally pulling from the same memory block hundreds of times. I don't know how filesystems are actually laid out, nor what method PhotoRec uses to recover files, so this is purely speculation.

And they didnt think of trying to switch from filling with zeros to filling with a stream of ever changing random numbers?

Given that much of the sensitive data is frequently made up of streams of fairly random numbers, detecting the difference between a legit random data stream that was previously on the hard drive and a 'safe' random stream used to overwrite it is somewhat non-trivial. So the only data that was allowed to exist on the drives before their destruction is a series of cat photos, that way it is easy to verify that the data is in fact not fractional remains of sensitive material that was required to be fully scrubbed prior to drive physical destruction.

I'm sure it sounds very odd, but the protocol had the drives handled at various levels on their way out. The checks and additional scrubbing just prior to destruction were to weed out issues that were happening in levels above. If the guys handling drive destruction detected data that wasn't suppose to reach them then there was a problem upstream of them. And if they can eliminate the data that the previous department failed to, then there was a problem at the previous department that needed to be fixed/heads roll. Destruction and disposal guys get security clearance to see the data, but the data isn't suppose to have made it to them. (Reduces the ability for someone to nick a drive in transit between its department and destruction.)

And they didnt think of trying to switch from filling with zeros to filling with a stream of ever changing random numbers?

Many SSD's these days tend to use internal full-drive encryption and simply erase the encryption key, permanently destroying all data on the drive. This approach works to the SSD's strengths by reducing the amount of writes required, and is quite efficient especially when done at the hardware level. In theory, if this was done right, there would be no possible recovery. But in practice, nothing is implemented properly and the firmware is so opaque and has so many levels of indirection that you're better off just physically destroying the drive for peace of mind

(just to make it clear, the encryption feature offers no security whatsoever when it comes to someone stealing your SSD, because it is built into the firmware, it exists only so that data at rest can be quickly disposed of without forcibly overwriting every last bit of information and wearing out the drive in the process, and it does not prevent you from using an additional encryption layer if you are the paranoid type)

once I used Photo Rec and went in same state of affairs as you. Then my friend suggest me one utility named as Remo Recover for Android. Trust me, I effortlessly recovered my photos from Android phone SD card. You can also try this utility.

Uh, it seems that file recovery threads get more targeted spambot responses than many other topics (you see this on other forums when googling as well).
The two posts above me are spambots, and there was a third that was already removed.

Since my problem is resolved, could a moderator lock this thread?

For any future person having the same issue:

Using the Linux version of PhotoRec from a Knoppix install disc worked perfectly for me (and both of these are free/opensource)

For some reason (I think it might have been my cheap SD card reader which I got for free and probably cost < $2 to manufacture) the Windows version of PhotoRec wasn't doing as great a job (but is still worth giving a try).

Locking as requested. One spammer banned; other being watched.