Recovering Data from Guttman 35 pass?
A few days ago I did some summer cleaning on my computer, moving a bunch of old files to an external Flash drive for backup and then deleting them from the computer. To make sure that no one could recover my old photos or videos, I used this program called Eraser to wipe the free space after I moved the files. I used the Guttman method (35 passes) to wipe the free space on my hard drive.
Is there any way someone could recover this data even after I wiped it with 35 passes? Let's say I sold my hard drive on Amazon and someone bought it. Would they be able to do it?
43 Answers
On modern mechanical drives, all data is completely gone after one pass.
3The Guttmann method if applied properly and thoroughly should have rendered the data on the drive completely unrecoverable.
For the most part a far less comprehensive erase would be fine - Guttmann protects against attacks which are basically theoretical only and if even possible would likely beyond anyone but intelligence agencies and others with that level of skill and resource.
2Not to beat a dead horse here, but as we've seen in the past few years, solutions are usually found after issues/concerns that arise when it comes to the security sector. A prime example would be when Apple would not turn over the keys to the government for iMessage. What did they do? They found someone who was determined enough to crack it.
Now given that national security is high and electronic information has become the new standard and highly sought after, I can assure you that larger organizations (ie. governments) have some of the most talented individuals slaving away at specific targets of interest (ie. the Apple case, or the takedown of Silk R@ad). The solution to data safety? Stop worrying so much about which encryption to use and start setting up logistics that will keep you off the "persons of interest" list. This goes for both governments and cybercriminals alike. If you have a 100k car, showing it off, and someone asks you how you made it and your reply is bitcoin - your chances of becoming a target to data deft is significantly higher.
Stay off the map if youre worried about your data being compromised, and also you should weigh your options as to wether the data you're treating better than gold is even worth its weight in gold. FYI, gold is usually locked in a single vault. A big vault, yes, and with a dinky cage up front, but you wont find 35 methods of keeping you out before you reach it. It just isn't feasable.
If someone really wants to retrieve your data and has the resources to fund the endeavor, best believe there will be talented minds coming out of the woodworks to destruct something made by someone with less skills and experience than them. I remember one case where a gov organization needed to extract files from a supposedly wiped and destroyed device, and one of the brilliant minds they hired found a way to extract enough data from the RAM somehow. So do your best to encrypt, but don't go overboard. IF you're caught and have a big enough profile case, the goverment will go to any lengths to prosecute you. Even break the law and cover it up, just like the case in Silk R@ad where they illegally hacked into the servers and did not disclose how they even did so.
With all of this being said, I think military grade 7-pass is plenty, if not overkill for most users. It takes forever, and if you're trying to keep stuff away from your spouse or whatnot...you're being paranoid. Again, Id focus on staying under the radar and practicing to blend in with everyone else regardless of what community you may belong to. Just wanted to throw my 5 cents into this subject.
1
