Experts say portions of Hillary's emails are recoverable

By

Computer forensic experts interviewed by Politico told the publication that portions of Hillary Clinton's 30,000 emails deleted by her aides are almost certainly recoverable, although getting at them would be time consuming and expensive.

“Obviously Clinton has someone with technical capability to run a mail server for her. Whether that person is actively capable of interfering with an investigation, I don’t know. That’s another technological step up.” said Hal Pomeranz, founder of Deer Run Associates, a computer forensics investigation firm.

Rasch, the cyber-crimes prosecutor now in private practice, compared deleting an email in standard email systems, such as Microsoft’s Outlook or Google’s Gmail, to placing a computer desktop item in the recycle bin.

In other words, the item can still be recovered until you do something else, such as empty the bin.

With most email systems, that something else would be putting another email in the deleted email’s place, a process called “overwriting.” A file may need to be overwritten multiple times before it’s totally gone. It may fast begin to look like a piece of Swiss cheese, however, with section after section degraded or missing.

On a busy corporate network, a deleted email might be overwritten within a few hours because emails are constantly coming in and going out and system administrators are regularly compressing email storage to save space, said Jake Williams, a principal consultant at Rendition Infosec.

On a personal server with only one or a few users, however, it could take months or years to overwrite that space, said Williams, also a computer forensics consultant at the SANS Institute, a non-profit computer security training center.

Clinton’s statement from her March 10 press conference – “at the end, I chose not to keep my private personal emails” — suggests that the emails were not deleted sporadically over the course of the last several years but all at once a couple of weeks ago after she stopped regularly using the server or the email system. That would indicate that most of the emails are likely intact and in good shape, Williams said.

That’s provided, of course, that whoever deleted the emails simply pressed the delete key rather than running a more complex command, such as ordering the computer to “wipe” or “burn” its email contents or using a plug in that ensures deleted emails are rapidly overwritten.

If Clinton deleted the emails to hide something, it's safe to say she got the best IT expert available to do a good and thorough job of it. Even as arrogant as she is, it's hard to see why she would chance anything that made her culpable remaining on the server. 

But there is another way - following the email tree to recover the communications from those who received the emails:

“It’s an obvious point, but you can’t delete email,” Rasch said. “By definition, I have sent my emails to or received them from someone else, which means…someone else has a copy…Deleting emails is really not an effective way to conceal what you’re doing.”

Whatever the Benghazi committee does, they have to act fast. It's fairly certain that if Clinton has anything to hide, she would have already been engaged in covering her tracks in order to make it difficult for investigators to recover anything worthwhile.

Computer forensic experts interviewed by Politico told the publication that portions of Hillary Clinton's 30,000 emails deleted by her aides are almost certainly recoverable, although getting at them would be time consuming and expensive.

“Obviously Clinton has someone with technical capability to run a mail server for her. Whether that person is actively capable of interfering with an investigation, I don’t know. That’s another technological step up.” said Hal Pomeranz, founder of Deer Run Associates, a computer forensics investigation firm.

Rasch, the cyber-crimes prosecutor now in private practice, compared deleting an email in standard email systems, such as Microsoft’s Outlook or Google’s Gmail, to placing a computer desktop item in the recycle bin.

In other words, the item can still be recovered until you do something else, such as empty the bin.

With most email systems, that something else would be putting another email in the deleted email’s place, a process called “overwriting.” A file may need to be overwritten multiple times before it’s totally gone. It may fast begin to look like a piece of Swiss cheese, however, with section after section degraded or missing.

On a busy corporate network, a deleted email might be overwritten within a few hours because emails are constantly coming in and going out and system administrators are regularly compressing email storage to save space, said Jake Williams, a principal consultant at Rendition Infosec.

On a personal server with only one or a few users, however, it could take months or years to overwrite that space, said Williams, also a computer forensics consultant at the SANS Institute, a non-profit computer security training center.

Clinton’s statement from her March 10 press conference – “at the end, I chose not to keep my private personal emails” — suggests that the emails were not deleted sporadically over the course of the last several years but all at once a couple of weeks ago after she stopped regularly using the server or the email system. That would indicate that most of the emails are likely intact and in good shape, Williams said.

That’s provided, of course, that whoever deleted the emails simply pressed the delete key rather than running a more complex command, such as ordering the computer to “wipe” or “burn” its email contents or using a plug in that ensures deleted emails are rapidly overwritten.

If Clinton deleted the emails to hide something, it's safe to say she got the best IT expert available to do a good and thorough job of it. Even as arrogant as she is, it's hard to see why she would chance anything that made her culpable remaining on the server. 

But there is another way - following the email tree to recover the communications from those who received the emails:

“It’s an obvious point, but you can’t delete email,” Rasch said. “By definition, I have sent my emails to or received them from someone else, which means…someone else has a copy…Deleting emails is really not an effective way to conceal what you’re doing.”

Whatever the Benghazi committee does, they have to act fast. It's fairly certain that if Clinton has anything to hide, she would have already been engaged in covering her tracks in order to make it difficult for investigators to recover anything worthwhile.