Originally published by Wired. Article includes a quote from DriveSavers CSO, Michael Hall.
IT STARTED WITH a bad joke. When asked by reporters if her server had been wiped, the leading Democratic presidential candidate Hillary Clinton shot back: “What, like with a cloth or something?” Ha! You know, like dust. She then proceeded not to answer the question.
Like so many subpar technothrillers, the saga of Clinton’s email server has dragged on well beyond the point of exhaustion. The latest chapter, though, in which the FBI combs through the hardware that once hosted tens of thousands of Clinton’s digital epistles, raises the question of just how hard it is to vanish your data—or for someone else to retrieve it after you do.
There’s been mostly muddled information over whether Clinton, or more specifically Platte River Networks, the company entrusted with running her server, did effectively clear out whatever had been on there. In a March letter (PDF) to Congress, Clinton attorney David Kendall stated that “no emails from [email protected] for the time period January 21, 2009 through February 1, 2013 reside on the server or on any back-up systems associated with the server.” Clinton’s campaign, meanwhile, told PolitiFact that the emails had been “deleted,” a word with very different implications. Neither the Clinton campaign nor Platte River Networks responded to WIRED’s requests for clarification.
This may all seem like semantics, but it speaks to an important question for most of us. How can you be sure your data’s really gone?
Many of you may know this already, but if you don’t it may come as a rude surprise: Simply deleting something from your computer doesn’t make it go away.
Easily, at least, for a forensics lab like the FBI, which operates 15 Regional Computer Forensics Laboratories throughout the country. If there’s any trace left of emails on Clinton’s email server, they have a wide variety of tools available to them to sniff them out.
This sort of digital CSI takes expertise and specialized equipment, but given those it’s actually fairly straightforward. Which isn’t to say that the FBI will end up finding any of these things, or anything at all. In fact, there’s an equally good chance that they’ll come up empty.
According to NBC News, the FBI believes it “may be able to recover at least some data.” Which means the FBI feels fairly confident that Clinton and Platte River didn’t wipe the servers after all. If they did, there’s nothing anyone could do about it.
Much like how shouting “enhance” at a computer doesn’t really magically sharpen an image when you zoom in, despite what every movie and television show of the last 20 years might tell you, there are limits to what data forensics can achieve.
“There are a number of commercially available Department of Defense-approved utilities for wiping a hard drive or a server,” says Michael Hall, Chief Information Security Officer for DriveSavers, a data recovery and digital forensics shop. “Many of the utilities have the ability to wipe a file, a folder, the free space on the drive (also known as unallocated space) or the entire hard drive at a physical level.”
In other words, all it would take is some readily available—and in some cases, free—software to leave no trace of any digital correspondence.
That wouldn’t, though, leave the FBI totally without options. In addition to checking for deleted data on the server, Hall says, there’s a range of things they could try to track down.
“They are probably checking to see if there is evidence that some sort of wiping utility was used to overwrite the deleted data in unallocated space on the server,” explains Hall. “They could also be checking the address book of contacts to determine if they can find emails that had been sent or received that could still be located on another user’s device.”
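One way the check Hall describes can look in practice, as an added example that is not from the article or from DriveSavers: a wiping utility leaves unallocated space filled with zeros, a repeated byte, or random data, while ordinary deletion leaves readable remnants. The block size, entropy threshold, function names and sample bytes below are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # assumed block size for this example


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte (0.0 = constant, 8.0 = uniformly random)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify_block(block: bytes) -> str:
    """Label one block of unallocated space by what it appears to contain."""
    if len(set(block)) == 1:
        # A single repeated byte is what a simple overwrite pass leaves behind.
        return "zero-fill" if block[0] == 0 else "pattern-fill"
    if shannon_entropy(block) > 7.9:
        # Random overwrite pass; encrypted or compressed data looks the same.
        return "random-fill"
    return "residual-data"  # structured leftovers, e.g. deleted mail text


def survey(unallocated: bytes) -> dict:
    """Count block classifications across a buffer of unallocated space."""
    tally = Counter()
    for off in range(0, len(unallocated), BLOCK):
        tally[classify_block(unallocated[off:off + BLOCK])] += 1
    return dict(tally)


def build_sample() -> bytes:
    """Constructed sample: 3 zeroed, 1 0xFF, 2 random, 1 leftover-mail block."""
    rng = random.Random(0)  # fixed seed so the sample is reproducible
    noise = bytes(rng.getrandbits(8) for _ in range(BLOCK * 2))
    mail = b"From: sender@example.com\r\nSubject: constructed sample\r\n\r\nbody\r\n"
    residual = (mail * (BLOCK // len(mail) + 1))[:BLOCK]
    return b"\x00" * (BLOCK * 3) + b"\xff" * BLOCK + noise + residual


if __name__ == "__main__":
    for label, count in sorted(survey(build_sample()).items()):
        print(f"{label:14s} {count}")
```

A large share of fill blocks next to very little residual data is a hint that a wiping pass ran, not proof: a drive that was never written to also reads as zeros.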
Hall and Chozick are both quick to point out, too, that without more detail about what this email server actually is, what server software was used, and so on, there’s only so much one can know about this specific situation. Most of this, though, applies to pretty much any computer, be it a RAID-based server or an old ThinkPad.
Besides, what’s true regardless of those variables is that we all leave more of a trace than we might think. Then again, it’s comforting to know that if we ever do need to make our hard drives disappear, there are less messy solutions than busting out a hammer.