Hillary Clinton’s Email Scandal
Using the term “scandal” in the title of this article might be a bit over-the-top for some. For others, it might not be harsh enough. In any event, the political nature and political implications of “Hillary Clinton’s Email Scandal” are not our focus. The focus will be on the computer forensics side of the case.
Unless you’ve been hiding under a rock for the past year and a half, it is likely that you are already aware of this story. However, for those who have been under a rock, let’s bring you up to speed. Hillary Clinton was using a private email server during her years serving as the secretary of state. It doesn’t seem like that big of a deal, right? Unfortunately, she used this server to conduct official State Department business, which included sending and receiving thousands of emails labeled confidential, secret, and top secret. That’s a big no-no. In addition, she had repeatedly claimed that she did not send or receive classified emails, yet the FBI found that she had. So, how did the FBI figure that out?
There’s no doubt that the FBI took a common computer forensics approach in this investigation. In order to preserve the integrity of the data, it is highly likely that the FBI computer forensics examiners made an image of the email server first. That way, they would be able to search for evidence without disturbing the original server. They also likely established a chain of custody, identified the order of volatility, and so forth.
One of the challenges that the FBI had to face during this investigation was, as FBI Director James Comey put it in his statement on FBI.gov, “the lawyers clean their devices in such a way as to preclude complete forensic recovery.” So, some evidence was successfully destroyed, but not all of it. We know that there is more to trying to “clean” or wipe hard drives than merely hitting the delete key. Even if the process of wiping the data was successful, it is likely that the FBI was able to follow a paper trail in order to recover evidence in this case. I’m sure there are plenty of “To:’s,” “From:’s,” “CC:’s,” and “BCC:’s” on those emails. They may have also been able to get their hands on a RAID array, an external hard drive, or even a USB drive that contained evidence. Maybe Hillary likes to print her emails? In any event, the FBI extracted important evidence.
Another interesting conclusion that the FBI came to was that Hillary’s email setup never experienced a breach of any kind. However, Comey conceded that “we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.” It will be interesting to see how this case evolves. Future blog articles regarding this topic are very likely. Stay tuned.