Redpill me on the Gutmann method

Redpill me on the Gutmann method.
Why exactly 35 and not 34 or 36?

Surely it's literally impossible to restore data that has been overwritten just once.

Deleting data keeps the data but marks the space as free. Overwriting it however renders it irrecoverable. Doesn't matter whether you do it one time or 35 times.

Well 1 time might leave SOME data not overwritten. With 35 passes, it's incredibly unlikely to keep any data not overwritten.

1 pass is sufficient on mechanical drives. The surface of the disk can not be recovered after that, aside from a few proof of concept methods such as the electron microscope.
Fragments of data may remain behind in reallocated sectors, particularly on older drives. Multiple passes will not help with that. 1 wipe is enough if you're selling a used drive. If you're a terrorist, physically destroy the drive.

On SSDs it's more complicated due to wear leveling. If the drive supports ATA Secure Erase that is the best method AFAIK.

gutmann is a meme. one pass is all you need.

No longer physically realistic. The scale of operations in modern hard drives is so small that it's all but impossible to recover 'residual data'. A study done some years ago was able to recover a number of correct bytes, but not in proximity to each other.

The only reason the feds still stand by multiple overwrites is for the assumption that future technology will be able to recover that which is currently impossible.

I have personally recovered full, uncorrupted images after overwriting the entire disk three times. About 10% of data was still readable to some degree after doing this. I upped it to seven and afterward nothing is recoverable.

>things that never happened

34 for porn only

Keep telling yourself that. It doesn't even take that long to correctly wipe a disk, and it's not like hard disks are going to be killed by a few extra hours of writes. I just leave it overnight when I have to wipe a disk.

However, I will grant you that this was a disk manufactured in 2011 and it was only 500GB, so it's possible that what said is correct and disks you might buy today would not be as easy to recover data from after being overwritten.

We can't make actual undeleted data to not rot away

gutmann method is fucking retarded as shit

Just physically destroy the drive.

I'm curious: does a full format nuke the drive? I know the quick format feature just basically deletes all file pointers but doesn't destroy their data.

Great thread. I was looking for something related. Doing an ATA secure erase on an SSD just marks all its sectors as clean, right? Does it affect the life of the SSD?

It does not nuke the drive. It performs a scan for bad sectors, as if you ran chkdsk with all the options enabled.

Depends on the OS implementation iirc. Some newer versions of windows will write and check a test pattern, effectively wiping the drive.

I have trouble believing this, unless you wiped the drive incorrectly.

This desu. A sledgehammer (or drive press/degausser if you want to be boring) is not prone to circumvention due to error or future recovery technology.

Gutmann was made back in a time where HDs were less dense and thus fragments of data were easier to recover.

Basically each one of the 35 passes writes different shit so it becomes impossible to read anything from the disk. Thing is, it's a huge waste of time, especially now that we have HDs with terabytes of density.

1 pass already makes it close to impossible to recover data, unless you have an expensive technology and even then it's not like (((they))) can recover entire files.

3 passes is enough even if you think the fbi will knock on your door soon. Make sure to overwrite the MFT though, otherwise they can infer what your drive had.

anything more than that is a waste. Even the DoD uses 3 passes.

I used DBAN DoDShort to wipe the drive and Recuva to recover the data. Windows just saw a blank drive.

The 35 passes were formulated to flip all bits on different hard disk encodings, none of which are used today. So it's completely obsolete. Use 1-3 random passes.

1 time isn't good enough. Through statistical methods it's very easy to determine the likelihood that a 0 used to be a 1, or that a 1 was a 0. The more passes you do the more you obfuscate the stats.

>talking out of your ass

>does it affect the life of the SSD
if you got a 1TB ssd then by erasing it you basically write 1TB of data on it

The Gutmann method was based on some specifics about the physical side of hard drives a long time ago. You can google it and find out how it was designed. It's pretty neat to read through.

>overwrite MFT
quick rundown on that?
does dban cover it?

The Master File Table (MFT) keeps metadata from the files that exist (or existed) in the HD. Not all programs overwrite the MFT and there were cases where the police proved someone had illegal content on their PCs by just looking at the MFT.

I'm not sure if dban wipes the MFT but other software like bleachbit and ccleaner do it.

Windows seeing a blank drive means nothing. I don't know how dban operates, but it's possible that the default settings, or settings you chose, caused it to not wipe the drive fully.

In simpler terms, the MFT (or FAT) tells you where files are on the disk, how big they are, and what they're named. The file itself is stored elsewhere on the disk.

does this happen only on a disk with an OS installed or does it also exist on external/secondary drives?

All drives. I think with the latest versions of windows there's also two copies of the MFT, one near the 'start' of the partition and one in the 'middle' of the allocated space within the partition

how does an encrypted drive work with mft?
encrypt a full hdd
delete the partition
what would be the status of the mft then?
will it still have the data from pre-encrypt? from the encrypt? nothing?

>caused it to not wipe the drive fully
Nope. With DBAN you point it at a drive and select a wipe method and it overwrites and verifies according to the method. For DoDShort it's one pass of zeros, one pass of ones, and one pass of junk data from a PRNG, full DoD is seven passes following a similar pattern. It wiped the full volume, but Recuva was still able to read full images from the disk after three passes.
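
Added example, not part of the thread and not code from DBAN or Recuva: a post-wipe audit that reads a raw image sector by sector, counts sectors that do not match the expected final fill, and looks for the leftovers discussed above (NTFS MFT record signatures and file headers a carving tool would find). The 512-byte sector size, the function names and the sample image are assumptions constructed for illustration.

```python
import io

SECTOR = 512                  # assumed logical sector size
MFT_MAGIC = b"FILE"           # first bytes of an NTFS MFT file record
JPEG_MAGIC = b"\xff\xd8\xff"  # JPEG start-of-image marker, as file carvers look for


def audit_wipe(image, expected_fill=b"\x00"):
    """Scan a raw image (binary file object) one sector at a time.

    expected_fill is the byte the final pass should have left behind; pass
    None when the final pass was random data, so only signatures are checked.
    Only logical sectors are visible here: reallocated sectors and SSD spare
    area are out of reach of any read through the normal interface.
    """
    report = {"sectors": 0, "not_wiped": 0, "mft_records": 0,
              "jpeg_headers": 0, "first_offsets": []}
    offset = 0
    while True:
        sector = image.read(SECTOR)
        if not sector:
            break
        report["sectors"] += 1
        if expected_fill is not None and sector != expected_fill * len(sector):
            report["not_wiped"] += 1
            if len(report["first_offsets"]) < 5:
                report["first_offsets"].append(offset)
        # MFT records are sector-aligned, so the magic sits at a sector start.
        if sector.startswith(MFT_MAGIC):
            report["mft_records"] += 1
        if sector.startswith(JPEG_MAGIC):
            report["jpeg_headers"] += 1
        offset += len(sector)
    return report


def build_sample_image():
    """Constructed 8-sector image: zeros plus one fake MFT record and one fake JPEG."""
    data = bytearray(8 * SECTOR)
    data[2 * SECTOR:4 * SECTOR] = MFT_MAGIC + b"\x30" * 1020          # 1024-byte record
    data[5 * SECTOR:6 * SECTOR] = JPEG_MAGIC + b"\xe0" + b"\x11" * 508
    return io.BytesIO(bytes(data))


if __name__ == "__main__":
    print(audit_wipe(build_sample_image()))
```

To audit a real drive, pass the block device or a raw image opened read-only in binary mode instead of the constructed sample. Any non-zero `mft_records` or `jpeg_headers` count after a wipe means the overwrite did not reach those sectors.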