Data Cleanup for Windows and MacOS using Identity Finder v9

For information about scanning Linux computers and PowerPC based Macs, see Running Find-SSNs to find confidential data. Identity Finder runs only on Intel based Macs and Windows computers.

Each of us is personally responsible for locating and removing any confidential data from any computer directory that we can write to. In some cases, automated tools can be used to help find such data. (See below.) If automated tools are inadequate or unavailable, files must be verified manually to contain no confidential data.

For more information about where you should be keeping your files, see CLASSE's Data Stewardship information.

For more information about Cornell's Data Cleanup and Inventory requirement, please see http://datacleanup.cornell.edu/

Cornell Policy 5.10 spells out how confidential data must be protected or eliminated. Although using Identity Finder to help find confidential data is one of the requirements for meeting the goals of Cornell Policy 5.10, Identity Finder cannot find everything. You personally are responsible for eliminating all confidential data in all of your files:

1. Social Security Numbers
2. Credit Card Numbers
3. Bank Account Numbers
4. Drivers License Numbers
5. Protected health information, as defined in the Health Insurance Portability and Accountability Act (HIPAA)

Social Security Numbers are often found in grant proposals, employment applications, performance appraisals, and old student grade records, and must be eliminated.

Windows Identify Finder v9, Step-by-Step

Notes

• If you need to use Identity Finder and it is not already available on your computer, please contact the CLASSE IT group by submitting a ServiceRequest. Please do not waste your time trying to install or update Identity Finder yourself. The installation procedure needs access to protected files.
• The user interface of Identity Finder v9 is almost identical to the GUI of previous versions. The major differences are its color scheme and which options are enabled by default.

Instructions

Below is a walkthrough of using the Windows version of Identity Finder to scan a hard drive for confidential data. Please read through this document completely before using the software. The Mac version of Identity Finder has the same functionality, although its screens look somewhat different.

I. Empty Browser Cookies and Cache

In order to reduce the amount of time spent handling the results, we recommend that you delete browser caches before running identity Finder. CLASSE supports Firefox for most Web browser activities. However, a few specific Cornell and government sites require Microsoft's Internet Explorer. IE11 is installed on most CLASSE Windows computers.

• How to clear the cache of IE version 7 or 8 (not installed on most CLASSE computers)

• How to clear the cache of IE version 9 or 11 (IE9 is no longer installed on most CLASSE Windows computers):

• How to clear the cache of Firefox ESR (the standard CLASSE browser)

II. Start Identity Finder

1. Set and document your password for Identity Finder
   The very first time Identity Finder is started, a password must be created. It is important to document this password, as it is used to start Identity Finder in the future, to open saved scans, and to protect confidential data. The CLASSE computer group cannot recover this password for you.
2. Select "Use Advanced Interface" (rightmost of three large icons)
   The other interfaces won't let you set your search locations.

III. Select Locations to Scan

You must tell Identity Finder where to scan files and e-mail messages. (You might have to do this each time.)

By default, Identity Finder does not look in folders used at CLASSE. You must change its Custom Folders settings to select ALL of the directories to which you can write, at least those four and perhaps others.

Below is the shortest list for CLASSE. CHESS might have a different list. Be sure to add all of the locations where you put files. Identity Finder automatically searches all of the subdirectories in them.

Under Windows 7, at least these directories (folders) must be scanned: (for most people both their linux id and their windows id are the same as their Cornell NetID.)

• \\samba\home\<your linux id>
• \\samba\user\<your windows id>
• C:\temp
• C:\Users\<your windows id>

Note: C:\user_local and Z:\ are not normally present on current CLASSE computers running Windows 7, but include them if you have them.

Do not type Enter while setting locations. If you do, you'll have to open the menus again.

A. Select the Disk Folders to be Scanned

B. Include all Outlook mail folders,

C. Finally click on OK to finalize the list of folders and E-Mail locations

D. Go back to the main menu

More info is available on Identity Finder's Web site at https://www.identityfinder.com/help/client_win/Searching_Additional_Outlook_PST_Data_Files.htm

IV. Select the data types to scan for

Select appropriate confidential data categories on Identity Finder's "Identities" page.

V. Initiate Scan

On the Main menu, click the button marked "Start" to begin scanning your selected locations.

A window similar to this will appear during the scanning process:

During the scan you might see one or more brief popups from your computer's anti-virus scanner. By defualt, ESET (the AV scanner used by CLASSE) does not scan the contents of Outlook folders since doing so has been known to cause Outlook to lockup. (It does scan messages when you try to open them.) When Identity Finder scans a message which includes a virus, the anti-virus scanner will quarantine or delete any temporary copy created by Identity Finder.

VI. Review Results

When Identity Finder has finished its scan, it will display in its main window a list of locations where it found questionable items. This is where the rest of your Identity Finder session will take place. This is the overall list of documents believed to contain confidential data, both e-mail messages and individual files. More details about the currently selected item are shown in the bottom of the window. Section VII below (Taking Action) explains how to work with emails that have confidential data.

Proceed through the list, one document at a time. Depending on the document type, clicking on an individual "matched" item may show the area of the document where the match was found as shown below. You can use this context to help determine if the data is actually of a confidential nature. To open and view an entire file, doubleclick on it.

VII. Take Action for Confidential Data

Once you've determined if a document actually contains confidential data, you can right-mouse-button click on its name to get a menu of options which can be applied to the file. This "Actions" menu is shown below. You can select multiple documents by clicking the checkbox next to each document.

There are corresponding Action buttons in the Main ribbon at the top of Identity Finder, which can be used instead of the popup menu. Each button there has help associated with it. If you "hover" the mouse pointer over a button, help will appear related to that action. Here are some short descriptions of the actions:

1. Shred -- Securely deletes files in a manner that prevents anyone from recovering them. *This is the most desirable action for documents that truly contain confidential data. Note * -- CLASSE computer staff cannot recover data which has been shredded unless a backup exists.
2. Scrub -- Removes the confidential data from the file and replaces it with X's. Note that this feature only works on certain types of files. If it can't be used, the option will be greyed out.
3. Secure -- Do not use . (to comply with Cornell policy with regard to Key Escrow,)
4. Quarantine -- Do not use (there is no quarantine server)
5. Classify -- Do not use
6. Recycle -- Do not use. This moves the file to the recycle bin. Note that this action does NOT delete the file. Even after emptying the recycle bin it is possible to recover these files. Shred must be used instead.
7. Ignore
   • Select "This Item Location" to denote entire files that are "false positives" (files that Identity Finder misidentifies as containing confidential data but which actually do not.)
   • Select "This Match" to denote individual fields which should not be redacted.

To further help you determine if a document contains confidential data, you can right-click on any document in the Identity Finder list and choose "Launch", which should open the document in the original format in an appropriate file reader.

Note: you cannot "Shred" a file while you're looking at it in another window. Close its PDF window before trying to "Shred" a PDF document, for example.

Caveats: Email in Identity Finder

Identity Finder can reliably delete (shred) individual messages stored by Outlook.

However, if you are using Thunderbird or Eudora, it is critical that you not use Identity Finder to shred mail messages. (Note: CLASSE no longer supports Eudora, and recommends using Outlook (Windows & Mac) or Apple Mail 4 (Mac). Shredding mail messages in Thunderbird or Eudora results in corrupted mailboxes. If confidential data is identified in one or more mail messages, you must delete those messages manually. Identity Finder will show the mailbox where the message was found. Open Thunderbird or Eudora, locate the message and delete it using Thunderbird (or Eudora). Don't use Identity Finder to delete (shred) those messages. This manual deletion will securely delete the mail message. (It is safe to shred messages if you are using Outlook.) If a mailbox gets accidentally corrupted please contact the CLASSE computer group.

Using Identity Finder for Mac OS X

I. Before running Identity Finder on a Mac

• You can download the CLASSE distribution HERE: https://www.lepp.cornell.edu/~software/private/software/Identity%20Finder.zip
• CLASSE distributions of Identity Finder for Mac OS X come with a registered copy of the application, a copy of the license file and some instructions
• HIGHLY RECOMMENDED: drag the license file to /Library/Application Support/Identity Finder

If the Identity Finder folder does not exist in the Application Support folder, then create it and copy or move the license file there. Admin privileges may be required. Do follow CIT's Usage Instructions, but do NOT follow CIT's License Installation Instructions - putting the license file in the application bundle will cause the application to become unregistered if you allow an update.

• CIT's "How To" page for using Identity Finder on a Mac: http://www.cit.cornell.edu/services/idfinder/howto/mac/index.cfm

II. Running Identity Finder on a Mac

To use Identity Finder for Mac OS X, in the Finder, from the Go menu, choose Applications. In the window that opens, double-click Identity Finder.

By default, Identity Finder will only scan your Documents folder. From the Locations menu, you can configure Identity Finder to scan your entire computer, or a custom location.

Note: Identity Finder scans can take several hours if you have a large number of documents. If you will be leaving your computer unattended during the scan, you may have to change your Energy Saver settings so your computer will not go to sleep.

To scan a custom location:

1. From the Locations menu, choose Custom... . 

2. To select a location to scan, click the ellipsis (...), and then browse to the location. Alternately, next to "Folder:", you can enter the location's path. 

3. Once you have selected a location, click Add. Note: To exclude a location from the scan, follow these steps, but check Add as Exclusion before clicking Add in step 3.

After running the scan, if Identity Finder finds a file that may contain sensitive data, you can permanently delete it by clicking the file in the result list, and then clicking Shred.

To save the results of a scan for future reference:

1. From the File menu, choose Save or Save As... . 

2. Give the file a name, and then select a location to save it from the pull-down menu next to "Where:". 

3. Enter and confirm a password for the file, and then click Save.

Acknowledgment

Many thanks to Dan Elswit of CALS for permission to adapt their walkthrough document for use at CLASSE.

-- SeldenBallJr - 23 Nov 2016