Thursday, August 20, 2015

The FBI's two track investigation of Hillary's server - Rick Moran

by Rick Moran

Investigators who examine her server might find all sorts of information — how it was configured, whether it received necessary security updates to fix vulnerabilities in software, or whether anyone tried to access it without permission.

The FBI received Hillary Clinton's private email server last week and is holding it in "protective custody" until the intelligence inspector general completes his investigation into how many classified emails were stored on it.

But the feds are already developing an investigative approach to how they will unravel the many mysteries connected with the server and will try to determine which – if any – laws were broken.

Associated Press:
Questions about her use of the server have shadowed her campaign for the Democratic presidential nomination. Clinton again this weekend repeated a carefully constructed defense of her actions, in that she did not send or receive emails marked classified at the time.
But her emails show some messages she wrote were censored by the State Department for national security reasons before they were publicly released. The government blacked out those messages under a provision of the Freedom of Information Act intended to protect material that had been deemed and properly classified for purposes of national defense or foreign policy.
What hasn't been released: data that could show how secure her system was, whether someone tried to break in, and who else had accounts on her system. A lawyer for Platte River Networks, a Colorado-based technology services company that began managing the Clinton server in 2013, said the server was provided to the FBI last week.
Indeed, many physical details of the server remain unknown, such as whether its data was backed up. In March, The Associated Press discovered that her server traced back to an Internet connection at her home in Chappaqua, New York.
A computer server isn't a marvel of modern technology. Just like a home desktop, the computer's data is stored on a hard drive. It's unclear whether the drive that Clinton used was thoroughly erased before the device was turned over to federal agents.
If it had been, it's also uncertain whether the FBI could recover the data. Clinton's lawyer has used a precise term, "wiped," to describe the deleted emails, but it was not immediately clear whether the server had been wiped. Such a process overwrites deleted content to make it harder or impossible to recover.
An FBI spokesman declined to comment.
Investigators who examine her server might find all sorts of information — how it was configured, whether it received necessary security updates to fix vulnerabilities in software, or whether anyone tried to access it without permission.
One track of the investigation will concentrate on will be determining who wiped the server – a possible obstruction of justice charge, since Congress had requested the emails stored on it before it was wiped.  The company Clinton used to house her server,  Platte River Networks, may have been responsible, but the FBI has yet to determine just how much control they had over the device, and who at the company could have accomplished the job.

The other track of the investigation will seek to determine how much, if any, data on the hard drive of the server can be recovered. 
Since her server was first installed in 2009, it most likely used a traditional hard disk-based device rather than a newer solid state unit that only has become commonly used in the last two or three years, said computer scientist Darren Hayes. Solid state drives, until recently, were much more expensive than their counterparts for storing lots of data.
Forensics experts would then have an easier time retrieving erased data because such older, disk-based servers are not as efficient in deleting material, said Hayes, assistant professor and director of cybersecurity at Pace University's School of Computer Science and Information Systems in New York.
"A hard disk drive is very difficult to manipulate," he said. "Once you get your hands on a hard drive, there's a lot you can recover."
Even after files are marked for deletion on a disk, Hayes said, their contents remain on the drive and can be retrieved. Even if the full file is gone, fragments can be pulled off the drive. Sometimes a complete email file even can be found inside other files marked for deletion.
This sounds fairly hopeful that something can be recovered, but this is a Clinton operation.  Would they really have handed over the server if there was any possible way the feds could recover information damaging to Hillary Clinton?

That's a question that will be answered in the coming months as the controversy continues to damage her campaign and put questions in the minds of voters about her honesty and trustworthiness.

Rick Moran


Copyright - Original materials copyright (c) by the authors.

No comments:

Post a Comment