Running and Using CUSpider v.1.0.2 (Parker)
Section 1: Running
Go to Start > CU Spider Scanning > Run Spider Scan.
Section 2: Starting a Scan
- Any files open on your computer at this time will NOT be scanned.
- This includes email clients such as Outlook or Thunderbird. CUSpider will scan the local mailbox files of most email clients, but the clients MUST be closed.
Section 3: Remediation (Clean Up)
- Open / Go to This Folder: Clicking on Open will open the file itself, while clicking on Go To This Folder will open up the folder where this file is stored in Windows Explorer.
- Secure Move (not recommended): This will copy the file to another location and use Secure Erase to delete the original copy.
- Secure Erase (recommended): This is the recommended method for deleting files containing sensitive data. It uses special overwrite algorithms to prevent the file contents from being retrieved after deletion by most forensic software and retrieval programs.
- Redact all matches in file: This will replace all instances of possible SSN's in the file with X's, assuming the file is of a type redactable by CUSpider.
* make sure you have the appropriate file permissions to perform any of these actions. Contact your system administrator if you do not.
- What is this?: This will generate a dialog box with more specific information about where in the file the hit is located.
- In mailbox files, this will include the folder and subject title of the email message the hit was found in, as well as which attachment, if any.
- Redact: Enabled only for supported file-types. Gives you the option to Redact the hit. This means that the suspected Social Security Number will be replaced with X's within the file. This allows you to retain the file without risk by removing the sensitive information.
- Important Notes:
- Redaction can only occur if you have the appropriate write permissions for the file. Contact your system administrator if you do not have the appropriate access.
- Redaction is not available for all file types.
- Redactions to local mailbox files may not be permanent. To ensure permanent remediation of mailbox files, deletion of offending emails through the mail client is recommended.
- Redactions to documents are PERMANENT and cannot be undone.
- Important Notes:
- Copy match item to clipboard: Will copy the match item to the clipboard, if you need to do further searching via another application.
Section 4 - After the Scan
If you want to perform another scan within the same hour as the last finished scan, please close and restart Spider so it can identify recently changed or added files. It will then ONLY scan those files that have changed or been added since the last scan.
If you prefer to run a new complete scan right away, you can use the included State File Eraser utility to erase the state file from your previous scan after closing Spider. When you restart Spider, it will allow a fresh complete scan to take place. (See our Advanced Guide for more information on Spider State Files and the State File Eraser utility)
After Spider closes, you will be asked if you want to securely delete the "State Files" it generated. For added protection, the CUIT Infosec team recommends securely deleting the state files after every Scan/Remediation session (See our Advanced Guide for more information on Spider State Files and the State File Eraser utility)