First off, CrowdStrike, the company the DNC brought in to initially investigate and remediate the hack, actually shared images of the DNC servers with the FBI. For the purposes of an investigation of this type, images are much more useful than handing over metal and hardware, because they are bit-by-bit copies of a crime scene taken while the crime was going on. Live hard drive and memory snapshots of blinking, powered-on machines in a network reveal significantly more forensic data than some powered-off server removed from a network. It’s the difference between watching a house over time, carefully noting down who comes and goes and when and how, versus handing over a key to a lonely boarded-up building. By physically handing over a server to the FBI as Trump suggested, the DNC would in fact have destroyed evidence. (Besides, there wasn’t just one server, but 140.)
An advanced investigation of an advanced hacking operation requires significantly more than just access to servers. Investigators want access to the attack infrastructure—the equivalent to a chain of getaway cars of a team of burglars. And the latest indictments are rich with details that likely come from intercepting command-and-control boxes (in effect, bugging those getaway cars) and have nothing to do with physical access to the DNC’s servers.
The FBI and Robert Mueller’s investigators discovered when and how specific Russian military officers logged into a control panel on a leased machine in Arizona. They found that the GRU officers secretly surveilled an employee of the Democratic Congressional Campaign Committee all day in real time, including spying on “her individual banking information and other personal topics.”