Will forensic computer technicians be able to find a Hillary Clinton email if it was deleted from her server? It’s about the most popular question I get asked these days. So, for your reading pleasure, a primer on email deletion, data destruction and hard drive erasing.
Emails Cannot Be Deleted
First, and this is important, emails (by definition) cannot be deleted. Either you receive an email or you send one. Which means complete copies are sitting in the sender’s sent folder and in your inbox, or complete copies are sitting in your sent folder and in the recipient’s inbox. In other words, there is a copy of every email you’ve ever sent or received somewhere that is not in your control, so deleting your copies will (again by definition) only solve half of your problem.
No matter which type of email system you use (POP3 or IMAP), there is also a copy sitting on the server. So, in practice, emails don’t really come in pairs; they always live in at least three places. For group emails, just multiply by the number of recipients (and their respective email servers). Oh, and if you are using POP3 (depending on how it’s configured), there’s a very good chance that every device that accesses the email server has a full copy of every email thread on it too (PC, handheld, tablet, etc.). Emails are forever! Remember that the next time you write one.
Recycle Bin or Trash
Deleting an email by dragging it to the Recycle Bin (Windows) or the Trash (OS X) is almost the same as making a new folder called “Stuff I Don’t Want” and dragging the file into it. It is not even a little bit deleted; it’s just moved out of the way. When you empty the Recycle Bin or Trash, the file is still findable. When you “Secure Empty Trash,” you destroy the operating system’s reference to the file, but not much else. Any sufficiently skilled forensic data technician can recover most of the email if asked to do so before the rest of the file is written over.
When are files written over? Depending on the size of the storage device and how much usable space is available, it may only take a few hours. On a private email server that services only a few accounts, it could take days or even months.
Data Detection (Recovery)
Let’s say that the government didn’t have the power to subpoena every device from every person who ever worked with you or with whom you ever corresponded via email. Let’s say that someone was going to take a very close look at your email server’s storage area (hard drive, solid state storage). And let’s say that this particular person wanted to know if you had deleted any emails and, if so, what they might have contained. Or, to say it another way, some interested party was going to scan your hard drive to determine what used to be on it. How would that be done?
The technician would use any one of a zillion track-by-track hard disk recovery tools. Ontrack® EasyRecovery™ Enterprise is one of the most popular tools. And if you’re nontechnical, you can just send them the drive and they’ll do the work for you. This is child’s play for anyone who can read.
Data Destruction (Deletion)
How do you delete data so it can’t be recovered? To really get the job done, you’ll need some data destruction or data sanitization software, aka disk wipe software or HD eraser software. There are so many free, and close to free, versions of this utility software available online that I could not possibly mention them all. My favorite tool is DBAN 2.3.0 (Darik’s Boot And Nuke). Everyone just calls it DBAN. It’s hard to learn, but awesome to use. If you really want to erase a hard disk, this is the tool. If you just want to selectively remove files, File Shredder works great. If you want more choices, or if you have a very specific data destruction project, just Google exactly what you want to do – there is a world of information available online to help you destroy data on a local drive. The best use of this kind of software is to fully erase a disk you want to donate to charity or to wipe a disk on a device you are going to discard. But clearly there are other uses for this technology.
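The difference between the two kinds of deletion described under “Recycle Bin or Trash” and “Data Destruction (Deletion)”, as an added example that is not part of the original article. A hypothetical in-memory ToyVolume stands in for a disk, and the sample message, file name and header pattern are constructed for illustration.

```python
import re

SECTOR = 512
# Constructed sample message; the addresses and text are made up.
EMAIL = (b"From: alice@example.com\r\nTo: bob@example.com\r\n"
         b"Subject: Q3 draft\r\n\r\nNumbers attached, do not forward.\r\n")
# Header block starting at "From:", a blank line, then the body up to the first NUL.
HEADER_RE = re.compile(
    rb"From: [^\r\n]+\r\n(?:[A-Za-z-]+: [^\r\n]+\r\n)+\r\n[^\x00]*")


class ToyVolume:
    """Hypothetical volume: a file table (name -> start, length) over raw sectors."""

    def __init__(self, sectors=64):
        self.raw = bytearray(sectors * SECTOR)
        self.table = {}
        self.next_free = 0

    @staticmethod
    def _span(length):
        return -(-length // SECTOR) * SECTOR  # round up to whole sectors

    def write(self, name, data):
        start = self.next_free
        self.raw[start:start + len(data)] = data
        self.table[name] = (start, len(data))
        self.next_free = start + self._span(len(data))

    def delete(self, name):
        # Emptying the trash: the reference goes, the bytes stay.
        return self.table.pop(name)

    def wipe(self, start, length):
        # Shredder-style erase: overwrite every sector the file occupied.
        span = self._span(length)
        self.raw[start:start + span] = bytes(span)


def carve_emails(raw):
    """Recover messages from raw bytes without consulting the file table."""
    return [m.group(0) for m in HEADER_RE.finditer(raw)]


def demo():
    vol = ToyVolume()
    vol.write("inbox/1.eml", EMAIL)
    start, length = vol.delete("inbox/1.eml")
    after_delete = carve_emails(bytes(vol.raw))
    vol.wipe(start, length)
    return after_delete, carve_emails(bytes(vol.raw))
```

demo() returns what a raw scan recovers after the file table entry is dropped, and again after the sectors themselves are overwritten.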
My Computer, Backup Software, Servers and the Cloud
Removing files (email or other file types) from the universe requires skills and knowledge most people do not possess. Does your computer automatically back up to Time Machine (Mac) or Windows Backup (Windows)? Do you store files in a cloud-based system like Dropbox, Box or Google Drive? Does your company use Exchange Server or Gmail or some other cloud-based email? Where are the file servers located? What is the server backup protocol? Are you on a Virtual Private Network? Do your other devices (handheld, tablet, desktop, laptop) automatically sync to your computer? The list of questions you need to answer before you can be sure that a file is deleted is remarkably long. Unless you are an IT expert, don’t even think about trying to “fully erase” a file. You are guaranteed to fail.
What Will the FBI Find on Hillary’s Email Server?
If Hillary hired the right people, the files (and any fragments) have been erased from the server. But, as stated at the beginning of this article, those files (or fragments) live in many other places. If Madam Secretary hired the wrong people, there will probably be fragments of deleted files available for examination. If she really hired the wrong people, we’ll see all of the deleted files.
The Biggest Lesson
The biggest lesson from Hillary is the oldest lesson of all: Don’t write anything in an email you would not write on the homepage of your website. It’s really that simple.