Many types of data are confidential: Social Security numbers, credit card numbers, student grades, and more. You are responsible for the confidential information on your computer, to protect both your own information and information others have entrusted to you.
With the privacy invasions of recent years, each of us must take precautions to protect against the misuse of information, particularly the use of Social Security Numbers (SSNs). There are a number of tools that remove SSNs from hard drives and are available for free. Spider, an open-source forensic tool developed by Cornell University, is used internally by I&IT.
Spider identifies files that may contain confidential data by searching for patterns of numbers or letters that resemble Social Security numbers or credit card numbers (additional search patterns can be created using Unix regular expressions). It then creates a log, listing files identified as potentially containing confidential data. This log must be examined to identify and distinguish between files that are of a truly sensitive nature from those that are false positives. Steps to protect files that prove to contain confidential data may include encryption or the transference of files to a secure server or offline storage facility. Spider will misidentify certain types of files as containing confidential data, so every effort should be made to verify Spider's results.
Internally, Spider 2.9.4 for Windows has been tested. Spider 3 for Windows is beta software; the user should exercise caution. Likewise, although documentation is in progress and a download is available for Spider Beta Test for Mac OS X, the user should exercise caution.
To access the tool, click Spider (keep in mind the recommended considerations in the subsequent documentation when using Spider).
This page was last updated on October 26, 2007.
