Windows Vista Forums

Who can crack the Gutmann method?

  1. #1
    PainlessTorture's Avatar

    Official Best Member
    Join Date : Jul 2008
    Northern Ireland
    Posts : 471
    Windows Vista™ Ultimate x64
    Local Time: 05:58 AM
    uk

    Who can crack the Gutmann method?

    Hey Guys,
    I was reading an article saying how even law enforcement are having trouble reading data erased using Gutmann. I was wondering what your thoughts would be...Do you think the CIA or MI6 etc could get data that has been overwritten by the Gutmann method?

    I would be interested in your thoughts. Personally im surprised that law enforcement cant. However the CIA might have slightly more resources

      My System SpecsSystem Spec

  2.   


  3. #2
    Dwarf's Avatar

    The Contemplator



    Join Date : Mar 2008
    Doncaster, UK
    Posts : 2,760
    Windows 8.1 Pro RTM x64
    Local Time: 06:58 AM
    england uk yorkshire

     

    Re: Who can crack the Gutmann method?

    Given enough time, and the resources to do it, I would have thought that both the CIA and FBI would be able to make some headway into deciphering the data on hard drives no matter what method was used to overwrite the data already on there.
    When you overwrite data on a drive, people think that the original data is unaccessible. Wrong. With the right tools and equipment, this data can still be accessed. Normally, the electronics (logic board) on the drive filters out this data (signals created by residual magnetism of data that was written prior to the latest data), classing it as noise and just allows the strongest signal (the most recent data written) to pass through and hence to the computer. By bypassing this circuitry, it is possible to access the raw signals directly from the drive heads and process it to extract this data. The signal level of this data is extremely low, but it is still possible to go back a number of generations although I am not sure how far back it is pheasible to go.

    As a result of this, there is only one guaranteed solution for people who wish to permanently erase sensitive data from their drives and that is to physically destroy the drive. This means opening the drive up and destroying the platters so that they may no longer be readable. This can take the form of gouging deep scratches into the platter surfaces or even breaking them up into pieces (or a combination of both). It is no good simply destroying the logic board because, as can be seen from the above explanation, this board is bypassed anyway by the techniques used (and, in any case, this board can be replaced and is actually one of the methods that can be used to ressurect a seemingly dead drive)..

      My System SpecsSystem Spec

  4. #3
    PainlessTorture's Avatar

    Official Best Member
    Join Date : Jul 2008
    Northern Ireland
    Posts : 471
    Windows Vista™ Ultimate x64
    Local Time: 05:58 AM
    uk

      Thread Starter

    Re: Who can crack the Gutmann method?

    Thanks for your reply Dwarf

      My System SpecsSystem Spec

  5. #4
    Techymike's Avatar

    not so newbie

    Join Date : Jan 2009
    CA due to work but miss Texas!
    Posts : 212
    Vista Home Premium x64
    Local Time: 10:58 PM
    thailand us texas

     

    Re: Who can crack the Gutmann method?

    They employ people who are known hackers. Hense they are the real techies in this art. Destroying the hard drive is the only true method of privacy! Each time the hard drive is formatted with zeros ther is still a source trace left that can be decrypted even though the numbers have changed on the drive. Data can't be completely removed once written! It just takes major decryption to find it. It is like your IP addy, it is traceable back to you and there is no way around that other then removing the hard link. Coming from a history of lets say questionable SAT testing, that is why I always kept it on a seperate source as not to be traced. Thank goodness those days have passed and all is legit now.

      My System SpecsSystem Spec

  6. #5
    PainlessTorture's Avatar

    Official Best Member
    Join Date : Jul 2008
    Northern Ireland
    Posts : 471
    Windows Vista™ Ultimate x64
    Local Time: 05:58 AM
    uk

      Thread Starter

    Re: Who can crack the Gutmann method?

    Techymike - I know this already
    I was just wondering who would have the resources to crack it? I know a normal person or a criminal wouldn't have the skills or resources to read data that has been sanitized with Gutmann. I don't understand how the data can still be on the hard disk. If that's the case how come we cant use that to store lots more data than the capacity of the HDD?

      My System SpecsSystem Spec

  7. #6
    Techymike's Avatar

    not so newbie

    Join Date : Jan 2009
    CA due to work but miss Texas!
    Posts : 212
    Vista Home Premium x64
    Local Time: 10:58 PM
    thailand us texas

     
    Once the data is etched in it will always be ther in some sort. It is not generally able to be viewed by typical methods yet think of a microscope probing a magnetic image... there is always a way to pull bits and pieces of data on a used system storage device. It may be scrambled yet it is still there. If you are looking for secure data then it must be completely removed from access as to not allow anyone to view it. I have a collection of hard drives just for that use. MOST have been detroyed as they are no longer of use and completely not traceable anymore. It kind of goes with the story of better safe then sorry! If in doubt then completely remove the threat and be 100% for sure. That is the best advice I can offer. Hard drives are cheap so what cost do you place on your privacy? If there is nothing to hide then do not worry. It is really pretty simple!

    Data is like a ball stuffed in a tube and only so many balls will fit in the tube. Once filled there is no more room to add more. It is basic physics.

      My System SpecsSystem Spec

  8. #7



    Newbie
    Join Date : Apr 2010
    Posts : 1
    ultamate x64
    Local Time: 11:58 PM


     

    Re: Who can crack the Gutmann method?

    First off it bothers me that your question has not been answered and as old as these posts are you probably won't get to see the answer as I doubt you are checking for one anymore.


    The answer to your question is the CIA, NSA, DOD, FBI, SECRET SERVICE, and about any other government agency will be able to recover bits and pieces of data after a Gutmann wipe but NO ONE will be able to completely recover data wiped with the Gutmann method.**


    I know that many people say they can but this is not true, what an agency does is TRY to recover enough data to be able to estimate or guess what the missing data is, and thereby in theory effectively recover wiped data. Now for the kicker : This costs 10's of thousands of dollars for small amounts of data and varies for files of the same size, this is why, it takes several man hours just to recover small files and thereby takes long periods of time which an agency is not willing to spend unless the data is highly valuable.**


    LOCAL law enforcement does not have the equipment or funds to do this, and most data recovery (if it works) takes longer than the law allows before you must be taken to trial if charges have been filed.


    To protect data from recovery you should encrypt the data (never save the key to hard drive) then when you are done with it delete it with the Gutmann method with a program that then replaces the data with new data, ie... a picture of your birthday suit (me.jpg) is wiped then the program replaces it with another file (Niagarafalls.jpg). This is if you are really paranoid and want to make sure your data won't be recovered.


    If the idea is to remove a file on a hard drive that you are still using then the likelihood of it ever being recovered is very very low with a standard shredding algorithm, but if you plan to sell or give the hard drive away then the Gutmann method will prevent anyone ,Not a government agency, from recovering your personal files. Of course anyone who has the equipment and time can actually try to recover a single pass with the Gutmann method but unless you have the Nuclear launch codes for a country, or other information of such high value (the lottery numbers for next year) and they know it, I really don't see it happening. (hint: two passes with the Gutmann method increases by nearly double the cost of recovery and the amount of data that can not be recovered, and the amount of time since the wipe causes recovery issues as well, ie.. more data can be recovered from a HDD that was wiped today as apposed to one that was wiped a month ago.) **


    As of yet I have been unable to find a single instance of any agency recovering data to be used for prosecution that was wiped with a file shredder let alone one using the Gutmann method. However I know of several instances where a person was prosecuted for items that had been deleted and recovered, I know of one such case where files of an illegal nature was sent to a defendant who immediately deleted them and they were then recovered by law enforcement days after their deletion, in this case a room mate who had been ask to move out reported the files to the police and latter admitted that he knew that the defendant had not sought out the files and had received them in an e-mail without knowing what the files were prior to downloading them. The defendant now has a criminal record and conviction, just because he checked his e-mail.


    **NOTE: I have been unable to find a single proven case of ANYONE recovering a file after it was removed using the Gutmann method. This method uses 28 more passes than is required by the U.S. Government for top-secret data, so if they see 7 wipes with a lesser algorithm as sufficient for our Government secrets then I think (That's the best I'm allowed to say) Your safe with the Gutmann method, I use the Gutmann method and I'm required to be very paranoid!

    If you need a realy good program for wipeing files,folders,HDD's, and freespace then you might try this totaly free program called Eraser, You can find it here :
    http://eraser.heidi.ie/
    I have nothing to do with this program or anyone involved with it, I just use it.

    Who can crack the Gutmann method?

    Proven : NO ONE
    Rumored : U.S. Government agencies (UNPROVEN)

      My System SpecsSystem Spec

  9. #8



    Newbie
    Join Date : Dec 2012
    Posts : 1
    W7 64-bit
    Local Time: 11:58 PM


     

    Re: Who can crack the Gutmann method?

    Gutmann's paper claiming overwritten data is recoverable unless his special method of erasure is used is wrong.

    NO data has EVER been recovered using the "residual magnetism" method he claims.

    Gutmann's theory is flawed, and even if it were possible with the old MFM and RLL drives availavble when he wrote it, drives have rapidly increased in storage density since then.

    Neither the US, German nor any other national defense standard requires a Gutmann overwrite. The US Department of Defense requires a triple-pass.

    I work for the largest data recovery company in the world, and have spoken with the data recovery engineers extensively about this. We often do recovery work for the US DOD. Data overwritten by a simple one-pass zero-fill is unrecoverable.

      My System SpecsSystem Spec


Who can crack the Gutmann method?
Similar Threads
Thread Forum
How to crack a password? Vista account administration
Re: No CD crack (Ironman) Vista Games
Method invocation failed because [System.String] doesn't contain a method PowerShell
crack for vista Vista General
A Cost Analysis of Windows Vista Content Protection by Peter Gutmann Vista General