Is the Gutmann Method a Good Way to Erase Data?

Picture of a pencil erasing binary data

yenwen / Getty Images

The Gutmann method was developed by Peter Gutmann in 1996 and is one of several software-based data sanitization methods used in some file shredder and data destruction programs to overwrite existing information on a hard drive or another storage device.

Unlike a simple file-delete operation, a hard drive using the Gutmann data sanitization method prevents all software-based file recovery methods from finding information on the drive and is also likely to prevent most hardware based recovery methods from extracting information.

How Does the Gutmann Method Work?

The Gutmann method uses a random character, instead of just the zero used in other techniques, for the first 4 and the last 4 passes, but then uses a complex pattern of overwriting from Pass 5 through Pass 31. It writes a total of 35 passes.

There is a lengthy explanation of the original Gutmann method, which includes a table of the patterns used in each pass.

Is Gutmann Better Than Other Erase Methods?

The regular delete operation in your average operating system isn't sufficient for securely erasing files, because it just marks that file space as being empty so that another file can take its place. No file recovery program would have a problem resurrecting the file.

The market supports several different data sanitization methods you could use instead, such as DoD 5220.22-M, Secure Erase, or Random Data, but each of them is different in one way or another from the Gutmann method. The Gutmann method differs from these other methods in that it performs 35 passes over the data instead of just one or a few. The obvious question, then, is whether the Gutmann method should be used over the alternatives.

The Gutmann method was designed in the late 1900s. The hard drives in use at that time used different encoding methods than the ones we use today, so most of the passes the Gutmann method performs are completely useless for modern hard drives. Without knowing exactly how each hard drive stores data, the best way to erase it is to use random patterns.

Peter Gutmann himself said in an epilogue to his original paper:

"If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any, a few passes of random scrubbing is the best you can do."

Every hard drive uses only one encoding method to store data, so what's being said here is that while the Gutmann method may very well apply to many different types of hard drives that all use different encoding methods, writing random data is all that really needs to be done.

Conclusion: The Gutmann method can do this but so can other data sanitization methods.

Software That Uses the Gutmann Method

DBAN, CBL Data Shredder, and Disk Wipe support the Gutmann method for overwriting all the files on an entire drive. Some of these programs run from a disc while others are used from within the operating system, so you should choose the right type of program if you need to delete the main hard drive (e.g. the C drive) versus a removable one. These three are free.

File-shredder programs that can use the Gutmann method to erase specific files instead of whole storage devices include Eraser, Securely File Shredder, Secure Eraser, and WipeFile.

Most data-destruction programs support several data sanitization methods in addition to the Gutmann method, which means you can use the above programs for other erase methods too.

There are also some programs that can wipe the free space of the hard drive using the Gutmann method. This just means that the areas of the hard drive where there isn't any data can have the 35 passes applied so as to prevent file recovery programs from "undeleting" the information. CCleaner is one example.

Was this page helpful?