Identify Finder Search and Remediation for Windows

Security

Identify Finder Search and Remediation for Windows

These instructions are for scanning your Windows computer and any attached drives for Personally Identifiable Information (PII) and remediating scan results.

It's important that you read and follow these instructions to properly remediate your computer. This document also assumes that the Identity Finder software has already been properly installed on your computer by your IT support staff.  Each user on a shared computer must run their own scan.

 

Personally Identifiable Information (PII)

Refers to information that can be used to uniquely identity, contact, or locate a single person or can be used with other sources to uniquely identity a single individual. Examples of such information are Social Security Numbers (SSN), Credit Card Numbers, Drivers License Numbers, and Bank Account Numbers that are associated with a person's name or identity.

 

Client 

Refers to the Identity Finder program you are currently using.

 

Results Pane

Located on the left of the Client, contains the results of a scan.

 

Preview Pane

Located on the right of the Client, contains a preview of the currently selected file.

 

Match

Located in the Results Pane, each row is a possible PII match. Could be a file, email message, database table, etc.

 

True Positives

Matches that do contain PII that must be remediated.

 

False Positives

Matches that have been incorrectly marked as containing PII.

 

Remediation

The process of reviewing the scan results and securely and permanently removing PII.

 

Scanning the Computer for the First Time

  1. Remove all CD/DVD's from your machine, otherwise they will be scanned. CD/DVD's do not need to be scanned unless they contain your data and files.
  2. If you have backup drives or flash drives with data, they should remain on and attached and should be scanned.
  3. Use the icon on your Desktop to launch Identity Finder (Also under Start > All Programs > Identity Finder).
  4. The first time you start this application, you will be prompted to create a Profile password. This can be any password that you want and will remember but because of security issues, this should not be your AG or PSU password (see Scheduling Scans below). This password is used to save the scan results so that you can come back to them later and also to speed up subsequent scans. The software will not re-scan anything that has been previously scanned and has not been modified.
  5. If a wizard pops up with choices, click Advanced.
  6. Once the program opens and displays the Identity Finder window, click the Start button to begin a scan.
    • If you receive an error during a scan "Outlook is not your default email client", click OK to continue. You do not want to change your default mail client.
    • When the scan first starts, it may appear to be hung / not scanning for up to 5 minutes. This is normal.
    • Scans can take less than an hour or up to an entire day to complete. After the initial scan, subsequent scans will only check new or updated files and should take less time.
    • Your local drives will be scanned including temporary browser files (Firefox and Internet Explorer) and email files.
    • If you Close the program or Log off your computer without saving, your scan results will be LOST, forcing you to restart a scan.
    • You can Minimize the program while it is scanning and continue using your computer but you should expect your computer to run slower.
  7. If you minimized the program, you will get a popup in the system tray when the search is complete. You can click the popup or the Identity Finder icon in the system tray to launch Identity Finder.
  8. When the search is complete, save your results before you move on to remediation. Saving your match data allows you to come back to it later for remediation without rescanning the entire computer again. This is especially helpful if you have a large number of results. To save your results, click the save / disk icon. Save the file wherever you normally save your files and give it a name such as PIIScan.idf or the date of the scan. You can then later come back to the client, open the file that you just saved, and continue remediation from where you left off.
  9. You should now move on to remediation before repeating the scanning process for any other drives.

 

Remediation

Once the scan is finished, you will be presented with a window containing a list of all files found that could contain Personally Identifiable Information (PII). Not all of these files will contain true PII; some will contain data that was incorrectly identified (a false positive). The easiest way to determine if a file truly contains PII is to click the match and view the contents of the file in the Preview Pane (on the right side of the window). The preview pane will show you a preview of the match or matches within the file, with the suspected match highlighted. By viewing the file this way, you should be able to use your best judgment to determine if the number is true PII, or if it is a false positive.

 

If the file DOES contain PII, you must perform one of these options:

  1. SHRED the file. This will securely and permanently delete the file completely from your machine. This is the best option and will ensure that the PII is unrecoverable if your computer were to be compromised. If you no longer need the file, please select it or check the box next to it and click the "Shred" button. Special care should be given to data on shared drives as well as databases that may require remediation. Shredding files on a server or shared drive should be done in consultation with other associates who might have a need for those files. If you are not the owner or primary user of a file, please ask before you shred! Database files (such as FileMaker and Microsoft Access) that you wish to keep should be manually cleaned. Shredding a database file will permanently delete the file. 

    If you attempt to shred a file and Identity Finder displays a message indicating that it was unable to shred it, check that the file is not read-only. There is a checkbox in the bottom right corner of the Identity Finder window to turn off the read-only setting.

 

  1. If the file was saved in Office 2007 (XML-based format) or as a text file, you can SCRUB the file. This is the process of overwriting or redacting the PII data from the file without losing the rest of the information in the file. Only use this option if it is necessary to retain the rest of the data in the document.

 

  1. CLEAN the file manually. This option involves manually editing and saving the file. Only use this option if it is necessary to retain the rest of the data in the document.
    1. To clean the file, double-click to open it.
    2. Delete the PII data from the file.
    3. Choose "File > Save As" from the menu and rename the file to indicate that the PII was removed. We recommend that you use a file name such as "OriginalFileName_PII-Removed" so that you can easily tell which files have been cleaned.
    4. Return to Identity Finder and Shred the original file (see Option #1 above for steps).

Information Security