Who can crack the Gutmann method?

PainlessTorture

Hey Guys,
I was reading an article saying how even law enforcement are having trouble reading data erased using Gutmann. I was wondering what your thoughts would be... Do you think the CIA or MI6 etc. could get data that has been overwritten by the Gutmann method?

I would be interested in your thoughts. Personally I'm surprised that law enforcement can't. However the CIA might have slightly more resources :sarc:
 

Given enough time, and the resources to do it, I would have thought that both the CIA and FBI would be able to make some headway into deciphering the data on hard drives no matter what method was used to overwrite the data already on there.
When you overwrite data on a drive, people think that the original data is inaccessible. Wrong. With the right tools and equipment, this data can still be accessed. Normally, the electronics (logic board) on the drive filters out this data (signals created by residual magnetism of data that was written prior to the latest data), classing it as noise and just allows the strongest signal (the most recent data written) to pass through and hence to the computer. By bypassing this circuitry, it is possible to access the raw signals directly from the drive heads and process them to extract this data. The signal level of this data is extremely low, but it is still possible to go back a number of generations, although I am not sure how far back it is feasible to go.

As a result of this, there is only one guaranteed solution for people who wish to permanently erase sensitive data from their drives and that is to physically destroy the drive. This means opening the drive up and destroying the platters so that they may no longer be readable. This can take the form of gouging deep scratches into the platter surfaces or even breaking them up into pieces (or a combination of both). It is no good simply destroying the logic board because, as can be seen from the above explanation, this board is bypassed anyway by the techniques used (and, in any case, this board can be replaced and is actually one of the methods that can be used to resurrect a seemingly dead drive).
 

Thanks for your reply Dwarf :)
 

They employ people who are known hackers. Hence they are the real techies in this art. Destroying the hard drive is the only true method of privacy! Each time the hard drive is formatted with zeros there is still a source trace left that can be decrypted even though the numbers have changed on the drive. Data can't be completely removed once written! It just takes major decryption to find it. It is like your IP addy, it is traceable back to you and there is no way around that other than removing the hard link. Coming from a history of let's say questionable SAT testing, that is why I always kept it on a separate source as not to be traced. Thank goodness those days have passed and all is legit now. :cool:
 

Techymike - I know this already :)
I was just wondering who would have the resources to crack it? I know a normal person or a criminal wouldn't have the skills or resources to read data that has been sanitized with Gutmann. I don't understand how the data can still be on the hard disk. If that's the case how come we can't use that to store lots more data than the capacity of the HDD?
 

Once the data is etched in it will always be there in some sort. It is not generally able to be viewed by typical methods yet think of a microscope probing a magnetic image... there is always a way to pull bits and pieces of data on a used system storage device. It may be scrambled yet it is still there. If you are looking for secure data then it must be completely removed from access as to not allow anyone to view it. I have a collection of hard drives just for that use. MOST have been destroyed as they are no longer of use and completely not traceable anymore. It kind of goes with the story of better safe than sorry! If in doubt then completely remove the threat and be 100% for sure. That is the best advice I can offer. Hard drives are cheap so what cost do you place on your privacy? If there is nothing to hide then do not worry. It is really pretty simple!

Data is like a ball stuffed in a tube and only so many balls will fit in the tube. Once filled there is no more room to add more. It is basic physics.
 

First off it bothers me that your question has not been answered and as old as these posts are you probably won't get to see the answer as I doubt you are checking for one anymore.


The answer to your question is the CIA, NSA, DOD, FBI, SECRET SERVICE, and about any other government agency will be able to recover bits and pieces of data after a Gutmann wipe but NO ONE will be able to completely recover data wiped with the Gutmann method.**


I know that many people say they can but this is not true; what an agency does is TRY to recover enough data to be able to estimate or guess what the missing data is, and thereby in theory effectively recover wiped data. Now for the kicker: this costs tens of thousands of dollars for small amounts of data and varies for files of the same size. This is why: it takes several man hours just to recover small files and thereby takes long periods of time which an agency is not willing to spend unless the data is highly valuable.**


LOCAL law enforcement does not have the equipment or funds to do this, and most data recovery (if it works) takes longer than the law allows before you must be taken to trial if charges have been filed.


To protect data from recovery you should encrypt the data (never save the key to hard drive) then when you are done with it delete it with the Gutmann method with a program that then replaces the data with new data, i.e. a picture of your birthday suit (me.jpg) is wiped then the program replaces it with another file (Niagarafalls.jpg). This is if you are really paranoid and want to make sure your data won't be recovered.


If the idea is to remove a file on a hard drive that you are still using then the likelihood of it ever being recovered is very very low with a standard shredding algorithm, but if you plan to sell or give the hard drive away then the Gutmann method will prevent anyone, not a government agency, from recovering your personal files. Of course anyone who has the equipment and time can actually try to recover a single pass with the Gutmann method but unless you have the nuclear launch codes for a country, or other information of such high value (the lottery numbers for next year) and they know it, I really don't see it happening. (Hint: two passes with the Gutmann method increases by nearly double the cost of recovery and the amount of data that cannot be recovered, and the amount of time since the wipe causes recovery issues as well, i.e. more data can be recovered from a HDD that was wiped today as opposed to one that was wiped a month ago.) **


As of yet I have been unable to find a single instance of any agency recovering data to be used for prosecution that was wiped with a file shredder, let alone one using the Gutmann method. However I know of several instances where a person was prosecuted for items that had been deleted and recovered. I know of one such case where files of an illegal nature were sent to a defendant who immediately deleted them and they were then recovered by law enforcement days after their deletion; in this case a roommate who had been asked to move out reported the files to the police and later admitted that he knew that the defendant had not sought out the files and had received them in an e-mail without knowing what the files were prior to downloading them. The defendant now has a criminal record and conviction, just because he checked his e-mail.


**NOTE: I have been unable to find a single proven case of ANYONE recovering a file after it was removed using the Gutmann method. This method uses 28 more passes than is required by the U.S. Government for top-secret data, so if they see 7 wipes with a lesser algorithm as sufficient for our Government secrets then I think (that's the best I'm allowed to say) you're safe with the Gutmann method. I use the Gutmann method and I'm required to be very paranoid! ;)

If you need a really good program for wiping files, folders, HDDs, and free space then you might try this totally free program called Eraser. You can find it here:
http://eraser.heidi.ie/
I have nothing to do with this program or anyone involved with it, I just use it.

Who can crack the Gutmann method?

Proven : NO ONE
Rumored : U.S. Government agencies (UNPROVEN)
 

Gutmann's paper claiming overwritten data is recoverable unless his special method of erasure is used is wrong.

NO data has EVER been recovered using the "residual magnetism" method he claims.

Gutmann's theory is flawed, and even if it were possible with the old MFM and RLL drives available when he wrote it, drives have rapidly increased in storage density since then.

Neither the US, German nor any other national defense standard requires a Gutmann overwrite. The US Department of Defense requires a triple-pass.

I work for the largest data recovery company in the world, and have spoken with the data recovery engineers extensively about this. We often do recovery work for the US DOD. Data overwritten by a simple one-pass zero-fill is unrecoverable.
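
Added example, not part of any post in this thread: a one-pass zero-fill followed by a read-back check, run on a constructed 8-sector image file. The function names, the 512-byte sector size and the sample image are assumptions; the read-back shows only what the normal read path returns and says nothing about the residual-signal question argued above.

```python
import os
import tempfile

SECTOR = 512            # assumed logical sector size
CHUNK = SECTOR * 2048   # 1 MiB per read/write

def zero_fill(path):
    # Single pass: overwrite every byte of the file in place with 0x00.
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(bytes(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass out of the OS cache
    return size


def residual_sectors(path):
    # Read back; return [(first_sector, count)] runs holding any non-zero byte.
    runs, index = [], 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            for off in range(0, len(chunk), SECTOR):
                if any(chunk[off:off + SECTOR]):
                    if runs and sum(runs[-1]) == index:
                        runs[-1] = (runs[-1][0], runs[-1][1] + 1)
                    else:
                        runs.append((index, 1))
                index += 1
    return runs


def make_sample_image():
    # Constructed sample: 8 sectors, data in sectors 1-2 and in sector 5.
    img = bytearray(8 * SECTOR)
    img[SECTOR:3 * SECTOR] = b"A" * (2 * SECTOR)
    img[5 * SECTOR + 10:5 * SECTOR + 16] = b"secret"
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(img))
    return path

if __name__ == "__main__":
    p = make_sample_image()
    print(residual_sectors(p), zero_fill(p), residual_sectors(p))
    os.remove(p)
```

An empty list from `residual_sectors` after the pass means every sector reads back as zeros; any run it reports is a region the overwrite did not reach.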
 
