Chain of possession...wouldn’t the first step be establishing that the current hard drives are in fact the original and or logged replacement drives?
And that leads to the question of who specified the system, hardware and software,purchased and installed it, doesn’t it?
Not to mention security and maintenance for necessary security patches. Who performed this work and how often. The easy hack is possible when you have physical access to the system. Files could have been leaving in bulk in this manner avoiding NSA monitoring. As well as spyware and such being installed.
There is a whole other chain that needs to be exposed.
It is highly improbable that they are, or that there is any record of that, and it may be impossible to determine. If a third-party hosting service or services hosted her email on a "dedicated" server, as many claim to do, there is a very high probability that it was virtualized.
A virtual server on network attached storage [NAS] would not have used a hard-drive in the sense that you mean. The entire environment could have been imaged when clintonmail was moved [it is believed to have been moved at least once before it wound up at PRN, it may have also been imaged again when the move to PRN was made.] That means there could well be multiple copies of the clintonmail "server" in existence. It also means an unscrupulous operator [which clintonmail's second hosting service is rumored to be] could have copied virtual copies of the server and sold them.
Anyone from an owner, admin, developer, or even network technician in a lax environment might have had access to the clintonmail "server," might have made images, and those images could be sold to anyone in the world. And there would be no trace of such an operation. It's not even a hack: just getting your hands on the backup of a virtual machine image containing the "server" gives you everything. No IP addresses, no potential NSA logs of what happened.
Nothing. Only the seller and buyer would know the image was ever made.
And, a compressed virtual server image holding a relatively small operation like clintonmail could easily fit on removable media as small as 16 GB.
There is another aspect of this which makes no sense. The .pst files referred to by David Kendall are not server-side files. Those are Microsoft Outlook databases for personal email. Those .pst files were on somebody's desktop, and they could very easily have been tampered with. Any decent coder could put together a program to remove every email from, say, Giustra@UraniumOne in about an hour, and every thread of a conversation to particular recipients in an afternoon at the most.
That David Kendall has that material on removable media tells you that at least one person had access to the desktop -- the person who made the copy. And that person might well have created a very "special" copy before turning it over to the Clintons' lawyer.