Is 35-Times Guttmann Secure Disk Wipe Really Necessary?

Discussion in 'privacy technology' started by Please Help Me, Dec 11, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    For the record, Gutmann states:

    Quote is from Gutmann method (Wikipedia)

    Lots of good External Links and Notes at the bottom of the webpage worth reading.

    -- Tom
     
    Last edited: Dec 13, 2012
  2. Gutmann is a very smart guy, listen to him!
     
  3. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    firstly thx lotuseclat79 for the reply.

    Have you guys read all the posts users have made on the link that ronjoy posted? a few people claim they can recover after many wipes.

    My personal belief is this. I believe that what is happening here on the internet is that there is certain people ie goverment officials FBI etc who want us to believe that no data can be recovered after many wipes so as people wouldn't take any other extreme measures to destroy data,these are the people who are posting its not possible its not possible, unfortunately for them there is always others on the internet Leaking out the truth claiming they can recover after many wipes like for example on here the site ronjoy posted http://www.howtogeek.com/115573/htg-explains-why-you-only-have-to-wipe-a-disk-once-to-erase-it/

    I guess we will never know for sure.

    One thing for sure tho is I think we can all agree here that if you remove the harddrive platter and grind it into powder with a metal grinder that it would be impossible to recover anything. I did this once one day just for a laugh when I had nothing else to do, I tell you it is so much faster than doing 35 gutman wipes
     
    Last edited: Dec 12, 2012
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,612
    Location:
    European Union
    For a normal HDD, no.
     
  5. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I would disagree with this statement, as someone who has done a fair share of comp forensics, an individual would have to really be unable to grasp the concept of disk erasing for that to be true. A good wiping utility will do its job well on basic hard disks with one pass. There have been cases where perhaps traces were left, but this I would account to user error.

    If you still believe the government is out to get you, analyze the disk yourself after wiping and apply thermite where necessary...
     
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,327
    Location:
    Here, There and Everywhere
    To be fair, I think redcell was speaking of Windows and its uncanny ability to leave artifacts in the unlikeliest of places - that many/most wouldn't even know the need to erase. Despite cleaners and wipers and ticks and boxes, there's always an application that's logging for god knows what reason and unless the disk is fully encrypted, would be found by a good forensic specialist. I don't think he was questioning the ability of wipers, just arguing it's not enough because of these stray artifacts.

    (If I'm wrong, redcell, by all means speak up with my apologies.)

    `
     
  7. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Unless said application is directly related to the data in question, say, P2P applications remembering files searched for and already downloaded ((Emule does this by default)), then only a very few places in Windows would hold possibly incriminating evidence. CCleaner takes care of most of that, Eraser would remove the data and free space left over. I truly believe what RedCell meant was that somehow or another, the government secretly knows how to do what every public forensics expert and researcher says simply can't be done. In other words, the government is doing exactly what they prefer to do, which is make people believe things can be done that can't, because hey, it's the government, they have bucket loads of cash ((which they don't)), and super scientists that can pull anything off given time, money and secrecy ((which they don't.)). Maybe I'm wrong too about what was meant though.
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    I guess the different opinions are based on having a different definition of data removal.
    Zero'ing a drive is of a different magnitude imo than using a data scrubber for a bunch of files and folders, using relatively poor semi-random data.
    In my experience, a 'one-pass zero' will almost always do the job.
    With Killdisk you can always check the result afterwards. It has only once failed on me to completely fill a HDD, missing some tidbits at the beginning.
     
  9. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    If we are talking anything other than a full drive wipe and an actual product/feature in Windows, I stand corrected :)
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    There are forensic forums, occupied by LE and the makers of forensic software. Some are public, and you can read exactly what they do in relation to stuff like TC, Eraser, etc... Also, when Fred Baclugen was hacked by Anonymous, they dumped 5 years worth of a private, LE Only forensic mailing list. In both instances, doing a search for TC, CCleaner, etc... I have found that properly implementing the tools and techniques we discuss here, puts a serious cramp in their ability. I found no major "A-Ha!" attacks against anything. It was all stuff that the low hanging fruit user, gets caught by. While I agree that full encryption is the only sure way, these other tools certainly have their place in a layered approach...and the adversary isn't superhuman with magical skills.

    PD
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Regardless of speculations in this thread, I advise all of you to download and read the Data Sanitization Tutorial paper entitled Disk Drive Secure Erase for User Data (PDF link) at CMRR (Center for Magnetic Recording Research).

    -- Tom
     
  12. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    Thank you very much for that article.

    Anyways the following quote says a lot. It is in the comments section about the following article on secure deletion:

    http://www.howtogeek.com/115573/htg-explains-why-you-only-have-to-wipe-a-disk-once-to-erase-it/

    I think the above quote sounds pretty valid. After many wipes, the data is essentially unrecoverable although tiny fragments of the original data may still be found. Of course, full-disk encryption is the only solution to protecting data.
     
  13. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    http://hostjury.com/blog/view/195/the-great-zero-challenge-remains-unaccepted

    A poster here suggests that I, and everybody else who says it's total overkill, are government agents .
    I suggest that people who recommend 35x overwrite are in fact sales-agents for HDD-manufacturers !
     
    Last edited by a moderator: Jan 12, 2013
  14. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    so before reinstall an OS ...first encrypt the hd..and then wipe off hard drive 1 pass...should be good enough??
     
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks mate! :D

    To paraphrase the semi-popular movie 'The Usual Suspects':

    "The greatest trick that governments ever pulled...was convincing the masses that they can decrypt and/or recover...everything"

    Keyser Söze is a FED! :D

    IMO, once is enough...but if you have the time, more than once certainly doesn't hurt.

    PD
     
  16. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Pictures, or it didn't happen. If every bit was overwritten, what fragments were there? This goes toward the above question of "Did the dd command complete?" If the software works as advertised, and 100% of the bits are over-written, I ask again, what are the fragments? Maybe he's talking about the DCO and HPA? If so, BCWipe Total Wipe-Out gets those as well. So, if the software does indeed get 100% of the bits, I don't buy his hypothesis. I do agree that nuking it from orbit (encrypting) is the only way to be sure.

    PD
     
  17. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    wow never seen so much paranoia come together in a single thread.:ninja:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.