|
|
How to Find Your SSNs in your hard drive
The Objective:
Inventory for SSNs
It is not unlikely that old data containing
SSNs are still lurking in file shares and office computers. Here
is the procedure for finding SSNs (and other sensitive data).
Download one of these free tools:
- The Spider tool from
Cornell. This tool will search hard drives and create an index of
files that contain sensitive information. It has versions that
run on Linux, Windows, and Mac OS platforms.
- The Find_SSNs
tool from Virginia Tech. This tool is written in Python, and
doesn't need to be installed.
Results
What do you do with the results?
The log file reports tell you where your sensitive data are. You
will need to gather the files in one place. If you are keeping
this data on system approved for managing Tier 3 data, then you have
completed your inventory. If not, you need to get rid of it, or
protect the data. To get rid of it, remember that file deletion
does remove the data from a hard drive. Users need to wipe
(overwrite) the disk space where the deleted file data has been.
Mac OS has a Secure
Empty Trash feature that wipes the files.
Windows has a command-line utility that will wipe the 'empty' space on
a selected hard drive.
cipher.exe /W
Another way to wipe a file to one-way encrypt the file first, then
delete the encrypted file.
Some encryption utilities available are:
Pretty Good Privacy www.pgp.com
GNU Privacy Guard www.gnupg.org
True Crypt www.truecrypt.org
There are also many commercial tools to wipe
data files. Some examples:
Most of these have a free trial period where the user can evaluate how
they work.
|
|
|
|
