But wait! There’s more! (Clinton e-mails)

| March 16, 2015

wiping-progress-screen

I was being interviewed a little while ago by John Batchelor for his show (The John Batchelor Show), talking — as we have a few times already — about the Clinton e-mail scandal. John asked me about recovery of deleted e-mails on the near-mythical clintonemail.com server; I pointed out that — in my opinion — there is a very good chance that the server has already been “sanitized”, that is, various “clean-up” programs have already been run on it to zero out all unused disk space, delete all temp and log files, reset all OS file metadata, and so on. I also pointed out that this could have been masked by saying, “Oh, we wanted to upgrade to Windows 7 (or 8.1, or whatever), so we did a clean wipe before installation.”

But then John asked a very important question, one that had escaped me through all this: he said (as best as I recall),

“What about the computers used by the Clinton staff to review and print the e-mails turned over to the State Department?”

Aha.

As I explained in my response, the purpose of an e-mail server is to hold and dispense e-mails to a client computer: laptop, workstation, mobile device, and so on. In other words, you don’t (and, for security reasons, shouldn’t) do work directly on the server computer. Thus, there is a good chance that during the e-mail review process, the staff was not working directly on the server itself; instead, they were using one or more laptops or desktop systems to do the keyword searches on the e-mail. And if that is the case, then there may be forensically-recoverable information about the e-mails on those systems as well.

In related news, Clinton associates are now trying desperately to walk back their original claim that the ‘private’ e-mails were deleted without examination. This means that forensic examination of those work systems is now even more important, since traces of the delete e-mails should be on those systems.

Assuming they haven’t already been sanitized as well.  ..bruce..

 

 

Be Sociable, Share!

Category: 2014 Election, Clinton E-mails, Information Technology

About the Author ()

Webster is Principal and Founder at Bruce F. Webster & Associates, as well as an Adjunct Professor of Computer Science at Brigham Young University. He works with organizations to help them with troubled or failed information technology (IT) projects. He has also worked in several dozen legal cases as a consultant and as a testifying expert, both in the United States and Japan. He can be reached at bwebster@bfwa.com, or you can follow him on Twitter as @bfwebster.

Comments are closed.