Identity Finder Search on Windows

 Starting a Search

 What will Identity Finder scan and how long will it take?

  • Identity Finder will search your computer for any occurrences of Social Security numbers, credit card numbers, and passport numbers.
  • It will only search local hard drives (C:, D:, etc.) and external USB drives.
  • It will not search remote drives connected to your computer over the network.
  • The length of the search will depend on several factors, including how much data is to be searched on your computer and the power of your computer.

Recommendations

  • Clear your browser’s history and cache before you begin a search. This will help prevent some false positive results.
  • Check with your IT support person to ensure SECNAS storage is arranged for your department in case you need to move sensitive information from your machine to a secure data storage location.
  • Initial Identity Finder scans generally take the longest to complete. We recommend launching your scan shortly before you leave work for the day so that the scan will be complete when you return to work.
  • The initial scan will return the most results but you don’t have to work through all the results in one sitting. Use the SAVE function so you can work on the results in more than one session if necessary.
  • If the scan identifies true sensitive data, consider whether your University responsibilities require you to retain that data. Is your file the only copy or could you retrieve a copy if you needed it in the future? The safest defense against exposure is to “shred” (securely delete) the entire file containing the sensitive information. See below for a description of how to use Identity Finder to shred unneeded files, as well as other options for remediating search results.
  • To begin a new search, click File and Start Search.

    File and Start Search

Working with the Search Results

  • When Identity Finder has finished scanning your computer, you will see a window indicating your search is complete, as well as a summary of results.

    Search Results Summary

  • Click the Advanced button to continue. You then should see a window displaying your search results.

    Search Results

  • Now you can begin to work through the results of the scan and decide whether to shred, scrub, or ignore files.
  • If you are not able to go through all of the search results in one sitting, the SAVE option allows you to save a copy of the search results to revisit at a later time.

Saving Search Results

  • When Identity Finder has finished scanning your computer, you can save the results.
  • To save a copy of the search results, click File and Save As.
    Saving Your Search Results
  • The standard Windows “Save As” window will appear, prompting you to enter a name and location for your file. By default, Identity Finder files have a file extension of .idf.
  • You will be prompted to enter a password in order to protect the confidentiality of the search results. You will use this password only for the time it takes you to complete your remediation of the search results. Create a strong password and enter it where indicated. Be sure to keep a copy of the password in a secure location, such as a password safe, for use until you have addressed all the search results. If you forget your password, you will simply need to rescan your machine to reestablish the results.
    Save Secure Identity Finder Results File

 

Open Saved Search Results

Saved search results can be opened two ways:

  • Find the .idf file you saved and double-click the file to resume.
  • Open Identity Finder and use the File and Open dialogue to open the saved search results.
    Open a Saved Search
  • You will be prompted for the password you created when you originally saved the search results.
  • Enter the password in the password field and click OK to open the saved search results.
    Open Saved Search: Enter Password
  • You can now resume your work at the point where you left off.

About the Search Results

  • The Search Results window is divided into three panes:
    • Search Results Pane (A).
    • Preview Pane (B).
    • Properties Pane (C).

      Search Results (A), Preview (B), and Properties Panes (C).

 

Information about the results of your search includes the full path to the file location, the identity match, a preview of the identity match as it occurs in the file, and other details.

 

Search Results Pane

The Search Results Pane (A) is positioned on the left side of the Identity Finder window.  It contains information about the results of your search and allows you to analyze those results and take action to protect any sensitive information.

  • You may find it useful to sort the results columns.
  • To sort a column, right-click on the column header, move to Sort and choose the desired option. You may sort by several columns at once.

    Sorting Columns in the Search Results Pane

Preview Pane

Previewing Identity Matches


The Preview Pane displays an unformatted version of the file you have selected. The main body of the Preview Pane contains the section of the file in which your identity match was found. All identity matches are highlighted in yellow. You can use the Previous Match and Next Match buttons on the main ribbon, or you can right-click to move to the next or previous identity match within the same file.

The example below shows an identity match for a password entry. In this case, the result was a false positive.


  • Preview Pane

Properties Pane

Viewing the Properties Pane

Like the Preview Pane, the Properties Pane has been enabled by default but can be removed or added back to your view by clicking the Properties Pane button on the Configuration ribbon.  The Properties Pane displays additional information about the item you are viewing, including:

  • Location name
  • Location type [= File type: Microsoft Excel file, Adobe PDF file, etc.]
  • Date modified
  • Size
  • Owner [in the examples shown, the computer owner name has been removed]
  • Encrypted with EFS
  • Read-Only – If read-only or hidden files contain true sensitive information and you do not recognize these files, please ask your support provider for help.
  • Hidden – If read-only or hidden files contain true sensitive information and you do not recognize these files, please ask your support provider for help.

Properties Pane

Multiple Matches: Managing Row Display

Identity Finder will often uncover multiple potential identity matches within a single file. Each match will result in a one-line row describing the match. Identity Finder also displays a one-line summary row of all same-type matches within a file. This is helpful when a file contains many matches of the same type. Click Collapse all Rows on the main ribbon to hide the individual rows and show only the one-line summary row for multiple same-type matches in a file.

Note that you cannot see a preview from a summary row, as it refers to multiple matches – simply expand the summary row to show the individual matches and look at the preview pane for each match.

Summary rows only include same-type matches; matches of differing types (e.g., SSN vs. credit card) will always be displayed in separate individual or summary rows.

 


Summary Row

 


Match Row

Selecting an Action for Identity Matches

Begin to work through your identity matches and choose one of the following actions: Shred, Scrub, or Ignore.

  • Detailed information about the Shred, Scrub, and Ignore actions is given in the sections below. Here are some general guidelines:
    • If your search results include files containing sensitive information such as Social Security numbers, credit card numbers, or passport numbers:
        • You should consider whether you need to retain the file for University business.
        • If you don’t need to keep the file, shred it using Identity Finder.
        • If you need to keep the file but don’t need the sensitive information, scrub it using Identity Finder.
        • If retention of the sensitive information (SI) is required, store the SI safely on professionally managed, central file storage that meets the requirements of the System Administration Initiative (SAI). When essential for intensive local use, the SI may be stored on workstations or laptops that meet the required, enhanced security standards (please see page 18 of the Information Security Policy).
    • In connection with the preceding guidelines, it may be useful to review the University’s records retention policy.

Shred

Shredding an identity match will permanently delete the entire file containing the sensitive information.

NOTE: You should only shred a file if you no longer need the information contained in it or can obtain a copy from the official source if you need that information in the future. Shredding a file renders the data unrecoverable.

If the sensitive information is required to be maintained on your machine for the conduct of University business, do not shred the file. Instead, the file should be scrubbed or moved to a safe data storage location.

  • If you choose to shred a file, you will see a window asking if you are sure you want to perform the action.

    Shredding a File: Prompt

  • Upon completion of the Shred action, Identity Finder displays a confirmation message. Note that you can choose to not display confirmation messages following a successful shred.

    Successful Shred Action: Confirmation Message

  • If you shred an email message, the folder containing the message can still be read; however, you will no longer be able to open the message you have shredded.

Scrub

Scrub allows you to overwrite the characters that constitute an identity match while retaining the other data in the file. This can be a useful action if, for example, you found an identity match in a file that you have to keep. Scrub would allow you to overwrite the match, but you would still be able to keep the original file, without having to shred or move it.

  • Just like Shred, you should exercise caution with the Scrub command. Data, once scrubbed, is not recoverable.
  • By default, Identity Finder scrubs data by overwriting it with a series of X(s).

    Scrubbing an Identity Match from a File

 Note: Scrub is only available for specific file types. You may only scrub Office 2007 and higher files (i.e., .docx, .xlsx, .pptx) and text files (i.e., .txt, .log, .ini). It is not available for email or other search locations.

Ignore

Choosing to ignore a file tells Identity Finder to add the file name to a list that Identity Finder will ignore in future searches.

This feature should only be used if the data identified as sensitive information is not actually sensitive information. For example, Identity Finder may find a string of numbers in a file that appears in the same format as a Social Security or credit card number. This is known as a false positive and does not need to be removed.

CAUTION: DO NOT USE IGNORE UNLESS YOU ARE 100% SURE THE DATA IS NOT SENSITIVE INFORMATION.
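As an added illustration (not part of the original guide and not Identity Finder's own detection logic), the Python example below applies structural checks that help separate a false positive from a plausible match, then overwrites plausible matches with X characters in the style of the Scrub action. The patterns, function names and sample text are assumptions constructed for this example; only dashed SSNs and 16-digit card numbers are covered.

```python
import re

# Candidate patterns assumed for this example (not Identity Finder's rules).
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_ok(digits):
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Reject values never issued: area 000, 666 or 9xx; group 00; serial 0000."""
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")

def find_matches(text):
    """Return sorted (start, end, kind, plausible) for each SSN- or card-shaped string."""
    hits = []
    for m in SSN_RE.finditer(text):
        hits.append((m.start(), m.end(), "SSN", ssn_plausible(*m.groups())))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        hits.append((m.start(), m.end(), "CARD", luhn_ok(digits)))
    return sorted(hits)

def scrub(text):
    """Overwrite the digits of plausible matches with X; leave everything else intact."""
    out = list(text)
    for start, end, _kind, plausible in find_matches(text):
        if plausible:
            for i in range(start, end):
                if out[i].isdigit():
                    out[i] = "X"
    return "".join(out)

# Constructed sample input: published test values, not real identities.
SAMPLE = (
    "Order ref 4111 1111 1111 1112 shipped\n"   # card-shaped, fails Luhn
    "Card on file: 4111 1111 1111 1111\n"       # card-shaped, passes Luhn
    "Part no. 000-12-3456\n"                    # SSN-shaped, impossible area 000
    "Employee SSN: 123-45-6789\n"               # SSN-shaped, structurally plausible
)
if __name__ == "__main__":
    print(scrub(SAMPLE))
```

A value that fails these checks supports a false-positive decision; a value that passes is only plausible and still needs the manual review described above before any action is taken.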

  • When you select the Ignore action, you see options to ignore the location, the identity match, or to manage your Ignore List. (Note: Ignoring a location means you are adding the file name to a list that will be ignored in future searches. This does not mean that the entire folder or drive containing the file will be ignored.)

    Ignoring a Location

  • Select “This Item Location” to ignore a file location during the next Identity Finder search.

    Selecting This Item Location to Ignore a File Location in Subsequent Searches

  • If you select to ignore multiple locations, you will be prompted to confirm that you wish to perform the action.

    Ignoring Multiple Locations: Prompt

  • When you have finished working through your search results, there will be no more items to select on your search results page. 
    Search Results: Finished
  • Exit from Identity Finder by clicking File and then Exit.
    Identity Finder: Exit
  • The next time you run a scan, Identity Finder will no longer search locations you indicated should be ignored.

Resources