How Will FBI Examine Hillary's Server?
Forensics Experts Weigh in on Clinton Investigation
Now that federal authorities have custody of Hillary Clinton's private email server, how might they forensically examine it?
Clinton, who's campaigning to seek the Democratic Party nomination for president, was under pressure to surrender her email server to federal authorities (see Clinton's Email Brouhaha and Politics). She used the private server instead of an email account provided by the State Department while secretary of state. She's been criticized for putting government secrets at risk by using this private email server. Clinton contends that she never received or sent email messages labeled top secret, but the inspector general for the intelligence community says two of 40 messages he reviewed contained "top secret" information, although they were not marked as classified.
An attorney for Clinton says she has turned over the email server, along with a thumb drive containing email messages, to be examined by federal authorities to determine whether the privately controlled server placed government secrets at risk (see Was Clinton Server Exposed to Hacks?).
The U.S. Justice Department and FBI haven't shared how their forensics investigators will examine the email server. But to get an idea of how federal authorities might approach such an investigation, Information Security Media Group spoke with four forensics examination and cybersecurity experts, with their observations presented in an audio report.
The experts are:
- Rob Lee, digital forensics and incident response lead at the SANS Institute, who explains how messages containing classified material can be sent even if they're not labeled classified;
- Steven Burgess, owner of Burgess Forensics, who describes the process by which forensics examiners cull through 30,000 emails to determine which ones should be deemed classified;
- Garet Moravac, founder of the cybersecurity strategy consultancy Bend the Bar, who explains that systems can be configured to reject classified messages, and how logs could identify attempts to circumvent or disable such protections; and
- Kawika Daguio, an independent security risk management consultant and forensics investigator, who contends examiners must provide an interpretation of their findings from their investigation, and not just lay out the facts.