What is the Gutmann Method?

Definition of the Gutmann Erase Method

Picture of a pencil erasing binary data
yenwen / E+ / Getty Images

The Gutmann method was developed by Peter Gutmann in 1996 and is one of several software based data sanitization methods used in some file shredder and data destruction programs to overwrite existing information on a hard drive or another storage device.

Unlike when using the simple delete function, a hard drive using the Gutmann data sanitization method will prevent all software based file recovery methods from finding information on the drive and is also likely to prevent most hardware based recovery methods from extracting information.

How Does the Gutmann Method Work?

The Gutmann data sanitization method is often implemented in the following way:

  • Pass 1 - 35: Writes a random character

The Gutmann method uses a random character for the first 4 and the last 4 passes, but then uses a complex pattern of overwriting from Pass 5 through Pass 31.

There is a lengthy explanation of the original Gutmann method here, which includes a table of the patterns used in each pass.

Is Gutmann Better Than Other Erase Methods?

The regular delete operation in your average operating system simply isn't sufficient for securely erasing files, since it just marks that file space as being empty so that another file can take its place. No file recovery program would have a problem resurrecting the file.

Therefore, there are lots of data sanitization methods you could use instead, such as DoD 5220.22-M, Secure Erase, or Random Data, but each of them is different in one way or another from the Gutmann method.

The Gutmann method differs from these other methods in that it performs 35 passes over the data instead of just one or a few. The obvious question, then, is whether the Gutmann method should be used over the alternatives.

It's important to understand that the Gutmann method was designed in the late 1900s.

The hard drives in use at that time used different encoding methods than the ones we use today, so most of the passes the Gutmann method performs are completely useless for modern hard drives. Without knowing exactly how each hard drive stores data, the best way to erase it is to use random patterns.

Peter Gutmann himself said here in an epilogue to his original paper that "If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern... drive, a few passes of random scrubbing is the best you can do."

Every hard drive uses only one encoding method to store data, so what's being said here is that while the Gutmann method may very well apply to many different types of hard drives that all use different encoding methods, writing random data is all that really needs to be done.

Conclusion: The Gutmann method can do this but so can other data sanitization methods.

Software That Uses the Gutmann Method

There exist programs that erase a whole hard drive as well as ones that erase specific files and folders only, that can use the Gutmann method.

DBAN, CBL Data Shredder, and Disk Wipe are a few examples of free software that support the Gutmann method for overwriting all the files on an entire drive.

Some of these programs run from a disc while others are used from within the operating system, so you should choose the right type of program if you need to delete the main hard drive (e.g. the C drive) versus a removable one.

A few examples of file shredder programs that can use the Gutmann method to erase specific files instead of whole storage devices, are Eraser, Securely File Shredder, Secure Eraser, and WipeFile.

Most data destruction programs support multiple data sanitization methods in addition to the Gutmann method, which means you can use the above programs for other erase methods too.

There are also some programs that can wipe the free space of the hard drive using the Gutmann method. This just means that the areas of the hard drive where there isn't any data can have the 35 passes applied so as to prevent file recovery programs from "undeleting" the information. CCleaner is one example.