With the US election only months away, and Hillary Clinton looking more and more likely to be the Democratic Party’s nominee to succeed Barack Obama, things are really hotting up.

But there is one thing lurking in the background that just won’t go away: The email scandal that has been following Clinton around and threatens to become a serious problem for her campaign.

Here’s a guide to what you need to know about this, along with some information on how digital forensics is being used in the FBI’s investigation.

What’s the Story?

Clinton became Secretary of State on January 21, 2009, and she stepped down on February 1st, 2013. On March 15th of the same year, her private email account was exposed.

A hacker called “Guccifer” accessed the account of a former aide of Bill Clinton, Sidney Blumenthal, and the exposure revealed that Clinton had communicated with Blumenthal using a private email account.

Screengrabs were published, which showed they had discussed sensitive issues relating to foreign policy.

After that, not much happened, and it wasn’t until 2014 that the issue started to get more attention. In December 2014, Clinton provided 50,000 pages of emails that had been printed out, which followed a request from the State Department.

In March 2015, she told reporters that she only used a personal email because she did not want to carry two devices for work and personal email. She deleted over 30,000 personal emails, and gave over 30,000 more to the State Department that were work related.

The Washington Post provides a great timeline if you want to follow the story right from the start with all the developments.

There has been a lot of discussion about this in the press, with opinion divided on just how serious it is. Critics have suggested she did it to get more control over the information that she provided to the government and that the emails should be available through freedom of information requests.

We will surely find out more in the coming months. But for now, it is interesting to see exactly what the FBI is getting up to in terms of its digital forensics as it investigates.

A Look at the FBI’s Digital Forensics

Mother Jones had an interesting article about the investigation, which revolves around how Clinton wiped the emails stored on the server but has now handed the server to the FBI. The FBI wants to check whether emails on the server were handled properly according to official guidelines, and it wants to know whether any sensitive information was hacked.

The State Department has over 30,000 emails that Clinton provided them with that are work related, but it is the private emails that are most intriguing, and the FBI is working on these.

This area is not new. Companies like sunblocksystems.com have specialized in digital forensics and electronic discovery for years, and their techniques are becoming more advanced all the time.

The article looks at how the FBI might work and the challenges it faces, and it quotes the computer forensics expert Jon Berryhill. So what is the FBI doing?

In the article, Berryhill suggests that they will most likely make a forensic image copy of the server. This is standard practice when it comes to digital forensics, and it involves making an exact duplicate to work with.

Using this, the FBI can then find out if any of the data is recoverable. If all they find is zeros (data is made up of 1s and 0s), then there is nothing to find. But this should be possible to determine almost immediately.

He then mentions that the process of wiping is very specific when it comes to forensics. It is not like deleting, and various processes can be used. One such process is selective wiping, and if this was used, there may still be copies that they did not realize were there.

There are suggestions that the server has not been wiped, which means the FBI may be able to recover emails. But it depends on various factors, like the email system used, the way the files were deleted, and more.

He also suggests investigators might find a contact list, an address book, or header information even if they don’t find the actual email content, and that this could provide useful information.

He claims that if there is information to be found, automated tools will be used to go through the system and put the files together, but that this could take weeks.
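The checks described above (work on a verified copy, see whether everything is zeros, and look for header information when message bodies are gone) can be sketched as follows. This is an added example, not code from the article or from any tool the FBI used; the 4096-byte block size, the header-field list and the sample image are assumptions constructed for illustration.

```python
import hashlib
import re

BLOCK = 4096  # assumed triage block size, not taken from the article

# Illustrative subset of e-mail header fields to carve from raw bytes.
HEADER_RE = re.compile(
    rb"^(From|To|Cc|Subject|Date|Message-ID):[ \t]*([^\r\n]{1,200})",
    re.MULTILINE | re.IGNORECASE,
)

def triage_image(image: bytes) -> dict:
    """Hash a working copy, count zero-filled blocks, carve header lines."""
    offsets = range(0, len(image), BLOCK)
    total = len(offsets)
    # A block is "zeroed" when every byte in it is 0x00.
    zeroed = sum(1 for off in offsets if not any(image[off:off + BLOCK]))
    headers = [
        (m.start(), m.group(1).decode("ascii"),
         m.group(2).decode("ascii", "replace").strip())
        for m in HEADER_RE.finditer(image)
    ]
    return {
        # Compared against the acquisition hash to prove the copy is exact.
        "sha256": hashlib.sha256(image).hexdigest(),
        "blocks": total,
        "zero_blocks": zeroed,
        "fully_wiped": total > 0 and zeroed == total,
        "headers": headers,  # (byte offset, field name, value)
    }

def build_sample_image() -> bytes:
    """Constructed 4-block image: three zeroed blocks, one header remnant."""
    remnant = (
        b"\x00\x13garbage\xff\r\n"
        b"From: alice@example.test\r\n"
        b"To: bob@example.test\r\n"
        b"Subject: quarterly schedule\r\n"
        b"\r\n"  # the message body was overwritten; only headers survive
    )
    block = remnant + bytes(BLOCK - len(remnant))
    return bytes(BLOCK) + block + bytes(2 * BLOCK)

if __name__ == "__main__":
    # A real image would be streamed from disk in chunks, not held in memory.
    report = triage_image(build_sample_image())
    print(report["zero_blocks"], "of", report["blocks"], "blocks are zeroed")
    for offset, name, value in report["headers"]:
        print(f"{offset:#x}  {name}: {value}")
```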

Wait and See What Happens…

This case is still going on, and it may take a while before we find out what was on the email server. If useful information is discovered, we might also find out more about some of the digital forensics techniques that the FBI used to access the data, so keep an eye on the story as it plays out to find out what turns up.

Guest Author:

SunBlock Systems was founded in 2002 by David Sun, after working with leading investigative organizations as an expert in computer forensics and electronic evidence acquisition. He earned his Master’s degree in Electrical Engineering from Virginia Tech. Mr. Sun is also an adjunct professor at George Mason University where he has taught Computer Forensics for their Information Technology and Administration of Justice departments. He has more than 25 years domestic and international experience in information technology, engineering, and research fields, and has previously held positions at BroadBand Office and UUNet (MCI/Worldcom). Additionally he has provided technical consulting for Bell Atlantic, NYNEX and Pacific Telesis. As the subject of interviews and a regular contributor to industry magazines and journals, David Sun is frequently called upon to unravel fascinating digital forensic mysteries, and is increasingly sought out as a thought leader.