Lets assume the email server was sanitized before being turned over.
Forensics should be able to retrieve evidence of the sanitizing, plus any previously deleted emails should be able to retrieve from the ISP or this company in Colorado that had some sort of maintenance role with the server.
It all depends on how aggressive the investigation will actually be. That is an entirely separate issue cough cough.
Don't assume so. Hackers are in the business of covering tracks and removing clues. She's had plenty of time to hire a seriously talented hacker. She's also had plenty of time to disappear him. Just sayin'.
See my post upthread about the original delay tactic she employed to give herself time to cover her tracks.