Clinton Email Investigation: A Forensics PerspectiveInvestigator Rob Lee Explains the Process to Find Classified Emails
How did the FBI approach its examination of the computer of Democratic Party nominee Hillary Clinton's close aide Huma Abedin to determine if the former secretary of state and senior assistant exchanged emails that contained classified materials?
ISMG turned to digital forensics expert and author Rob Lee to explain the process the FBI likely used to see if classified materials resided on the computer Abedin shared with her estranged husband, former U.S. Rep. Anthony Weiner, D-N.Y. The FBI had been examining the computer as part of a criminal probe into Weiner texting images of himself to an underage girl in North Carolina.
FBI Director James Comey sent a letter informing Congress in late October that the bureau would investigate emails on the Abedin-Weiner computer to see if it contained classified materials, shaking up the campaign less than two weeks before the Nov. 8 presidential election. This past summer, Comey had said the FBI concluded an investigation into Clinton's use of a private email server and determined she didn't do anything illegal, although he criticized her for having classified materials on it.
But on Sunday, Nov. 6, Comey released a new letter to Congress, saying the review of the Abedin-Weiner computer did not charge the FBI's conclusion expressed in July that Clinton should not be charged with a crime. Comey's latest letter did not provide details on what the investigation into the Abedin-Weiner computer found.
In the interview (click player above to listen), Lee:
- Surmises how the FBI discovered the possibility that classified materials from the State Department could exist on the Abedin-Weiner computer;
- Describes the e-discovery tools the FBI likely employed to analyze emails and documents on the couple's computer; and
- Discusses the automated and manual processes likely used to determine whether classified materials exist on the computer.
Lee is an entrepreneur and consultant based in the Boston area, specializing in information security, incident response, threat hunting and digital forensics. He is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. Lee has nearly two decades of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response.