Identity Finder Search on Mac OS X

Starting a Search

What will Identity Finder scan and how long will it take?

  • Identity Finder will search your computer for any occurrences of Social Security numbers, credit card numbers, and passport numbers.
  • It will only search local hard drives and external USB drives.
  • It will not search remote drives connected to your computer over the network.
  • The length of the search will depend on several factors, including how much data is to be searched on your computer and the power of your computer.


  • Clear your browsers cache before you begin a search. This will help prevent some false positive results (click here to learn more).
  • Turn off antivirus software before beginning a search.
  • Check with your IT support person to ensure SECNAS storage is arranged for your department in case you need to move sensitive information from your machine to a secure storage location.
  • Initial Identity Finder scans generally take the longest to complete. We recommend launching your scan shortly before you leave work for the day so that the scan will be complete when you return to work.
  • The initial scan will return the most results but you don’t have to work through all the results in one sitting. Use the SAVE function so you can work on the results in more than one session if necessary.
  • If the scan identifies true sensitive data, consider if your University responsibilities require you to retain that data. Is your file the only copy or could you retrieve a copy if you needed it in the future? The safest defense against exposure is to “shred” (securely delete) the entire file containing the sensitive data. See below for a description of how to use Identity Finder to shred unneeded files, as well as other software options.
  • To begin a new search, click Search and Start.IDF-Search-MacSearch and Start


Working with the Search Results

  • When Identity Finder has finished scanning your computer, you will see a window indicating your search is complete, as well as a summary of results.

    Search Results Summary


  • Click the “x” button in the top left corner to close the status pop-up.
  • Now you can begin to work through the results of the scan and decide whether to shred, scrub, or ignore files.
  • If you are not able to go through all of the results in one sitting, the SAVE option allows you to save a copy of the search results to revisit at a later time.

Saving Search Results

  • When Identity Finder has finished scanning your computer, you can save the results. To save a copy of the search results, click File and Save As.


  • The standard Mac “Save As” window will appear, prompting you to enter a name and location for your file. Identity Finder files by default have a file extension of .idf.
  • You will be prompted to enter a password in order to protect the confidentiality of the search results. You will use this password only for the time it takes you to complete your remediation of the search results. Create a strong password and enter it where indicated. Be sure to keep a copy of the password in a secure location, such as a password safe, for use until you have addressed all the search results. If you forget your password, you will simply need to rescan your machine to reestablish the results.

    Save Secure Identity Finder Results File


Open Saved Search Results

Saved search results can be opened two ways:

  • Find the .idf file you saved and double click the file to resume.
  • Open Identity Finder and use the File and Open menu to open the saved search results.
    Open a Saved Search
  • You’ll be prompted to enter the password you created when you originally saved the search results.
  • Enter the password in the “IDF Password” field and click Open button to open the saved search results.IDF-OpenFile-Mac
  • You can now resume your work from the point where you left off.

About the Search Results

  • The Search Results window is divided into three panes:
    • Search Results Pane (A).
    • Preview Pane (B).
    • Properties Pane (C).

      Search Results (A), Preview (B), and Properties Panes (C).

Information about the results of your search include the full path to the file location, the identity match, a preview of the identity match as it occurs in the file, and other details.


Search Results Pane

The Search Results Pane (A) is positioned on the left side of the Identity Finder window.  It contains information about the results of your search and allows you to analyze those results and take action to protect any sensitive information.

  • You may find it useful to sort the results columns. To sort a column, click on the column header, then you should see an arrow to the right to sort in either ascending or descending order.
  • Clicking on any header will allow you to sort that column.

    Sorting Columns in the Search Results Pane

Preview Pane

Previewing Identity Matches

The Preview Pane displays an unformatted version of the result you have selected. The main body of the Preview Pane contains the section of the file in which your identity match was found. All identity matches are highlighted in yellow. You can use the Previous Match and Next Match buttons on the main ribbon or you can right click to move to the next or previous identity match within the same file.

The example below shows an identity match for a password entry. In this case, the result was a false positive.


Preview Pane

Properties Pane

Viewing the Properties Pane

The Properties Pane is part of the Preview Pane. The Properties Pane displays additional information about the item you are viewing, including:

  • Location name
  • Location type [= File type: Microsoft Excel file, Adobe PDF file, etc.]
  • Date Modified
  • Size
  • Owner [in the examples shown, the computer owner name has been removed]
  • Encrypted with EFS
  • Read-Only – If read-only or hidden files contain true sensitive information and you do not recognize these files, please ask your support provider for help.
  • Hidden – If read-only or hidden files contain true sensitive information and you do not recognize these files, please ask your support provider for help.

Properties Pane

Multiple Matches: Managing Row Display

Identify Finder will often uncover multiple potential identity matches within a single file. Each match will result in a one-line row describing the match. Identity Finder also displays a one-line summary row of all same-type matches within a file. This is helpful when a file contains many matches of the same type. Click Collapse all Rows on the main ribbon to hide the individual rows and show only the one-line summary row for multiple same-type matches in a file.

Note that you cannot see a preview from a summary row, as it refers to multiple matches – simply expand the summary row to show the individual matches and look at the preview pane for each match.

Summary rows only include same-type matches. Matches of differing types (e.g., SSN vs. credit card) will always be displayed in separate individual or summary rows.


Summary Row



Match Row

Selecting an Action for Identity Matches

Begin to work your way through your identity matches and choose one of the following actions: Shred, Scrub, or Ignore.

  • Detailed information about the Shred, Scrub, and Ignore actions are given in sections below. Here are some general guidelines:
    • If your search results include files containing sensitive information such as Social Security numbers, credit card numbers, or passport numbers:
        • You should consider whether you need to retain the file for university business.
        • If you don’t need to keep the file, shred it using Identity Finder.
        • If you need to keep the file but don’t need the sensitive information, scrub the file using Identity Finder
        • If retention of the sensitive information is required, store the SI safely on professionally managed, central file storage that meets the requirements of the System Administration Initiative (SAI). When essential for intensive local use, the SI may be stored on workstations or laptops that meet the required, enhanced security standards (please see page 18 of the Information Security Policy).
    • In connection with the preceding guidelines, it may be useful to review the University’s records retention policy.


Shredding an identity match will permanently delete the entire file containing the sensitive information.

NOTE: You should only shred a file if you no longer need the information contained in it or can obtain a copy from the official source if you might need the information in the future. Shredding a file renders the data unrecoverable.

If the sensitive information is required to be maintained on your machine for the conduct of University business, do not shred the file. Instead, the file should be scrubbed or moved to a safe data storage location.

  • If you choose to shred a file, you will see a window asking if you are sure you want to perform the action. Click Yes on the prompt to shred the file.IDF-Search-ShredIcon-Mac

    Shredding a File: Prompt

  • Upon completion of the Shred action, Identity Finder displays a confirmation message. Note that you can choose to not display confirmation messages following a successful shred.

    Successful Shred Action: Confirmation Message

  • If you shred an email message, the folder containing the message can still be read, you just will no longer be able to open the message you have shredded.


Scrub allows you to overwrite the characters that constitute an identity match while retaining the other data in the file. This can be a useful action if, for example, you found an identity match in a file that you have to keep. Scrub would allow you to overwrite the match, but you would still be able to keep the original file, without having to shred or move it.

  • Like Shred, you should exercise caution with the Scrub command. Data, once scrubbed, is not recoverable.
  • By default, Identity Finder scrubs data by overwriting it with a series of X(s).
  • If you choose to scrub a file, a window will appear asking to confirm this action. Click Yes on the prompt to scrub the file.IDF-Search-ScrubIcon-Mac

    Scrubbing an Identity Match from a File: Prompt


  • Upon completion of the Scrub action, Identity Finder displays a confirmation message. Note that you can choose to not display confirmation messages following a successful scrub.

    Successful Scrub Action: Confirmation Message

Note: Scrub is only available for specific file types. You may only scrub Office 2007 and higher files (i.e., docx, xlsx, pptx) and text files (i.e., *.txt, *.log, *.ini). It is not available for email or other search locations.


Ignoring a file tells Identity Finder to add the file location to a list that Identity Finder will ignore in future searches.

This feature should only be used if the data identified as sensitive information is not actually sensitive information. For example, Identity Finder may find a string of numbers in a file that appear in the same format as a Social Security or credit card number. This is known as a false positive and does not need to be removed. CAUTION: DO NOT USE IGNORE UNLESS YOU ARE 100% SURE THE DATA IS NOT SENSITIVE INFORMATION.

  • When you select the Ignore action, you see options to ignore the location, the identity match, or to manage your Ignore List. (Note: Ignoring a location means you are adding the file name to a list that will be ignored in future searches. This does not mean that the entire folder or drive containing the file will be ignored.)IDF-Search-IgnoreIcon-Mac
  • Select This Item Location to ignore a file location during the next Identity Finder search.

    Selecting This Item Location to Ignore a File Location in Subsequent Searches

  • If you select to ignore multiple locations, you will be prompted to confirm that you wish to perform that action.

    Ignoring Multiple Locations: Prompt


  • When you have finished working through your search results, there will be no more items to select on your search results page. IDF-EmptyScreen
    Search Results: Finished
  • Quit by clicking Identity Finder on the menu and then select QuitIDF-Quit
    Identity Finder: Exit
  • The next time you run a scan, Identity Finder will no longer search locations you indicated should be ignored.