Running and Using CUSpider v.1.3.1 (Reilly)
Section 1: Running
Go to Start > CUSpider SSN Scanning > Run Spider Scan.
If you have existing scans, but no personal entropy key can be found, you will see one of two dialogs asking you how to handle the situation. If you have no entropy key, but also no detectable scans, then CUSpider will automatically generate an entropy key without asking.
Section 2: Starting a Scan
- Any files open on your computer at this time will NOT be scanned.
- This includes email clients such as Outlook or Thunderbird. CUSpider will scan the local mailbox files of most email clients, but the clients MUST be closed.
Section 3: Remediation (Clean Up)
- Open / Go to This Folder: Clicking on Open will open the file itself, while clicking on Go To This Folder will open up the folder where this file is stored in Windows Explorer.
- Secure Move (not recommended): This will copy the file to another location and use Secure Erase to delete the original copy.
- Secure Erase (recommended): This is the recommended method for deleting files containing sensitive data. It uses special overwrite algorithms to prevent the file contents from being retrieved after deletion by most forensic software and retrieval programs.
- Redact all matches in file: This will replace all instances of possible SSN's in the file with X's, assuming the file is of a type redactable by CUSpider.
* make sure you have the appropriate file permissions to perform any of these actions. Contact your system administrator if you do not.
- What is this?: This will generate a dialog box with more specific information about where in the file the hit is located.
- In mailbox files, this will include the folder and subject title of the email message the hit was found in, as well as which attachment, if any.
- Redact: Enabled only for supported file-types. Gives you the option to Redact the hit. This means that the suspected Social Security Number will be replaced with X's within the file. This allows you to retain the file without risk by removing the sensitive information.
- Redactions to documents are PERMANENT and cannot be undone.
- Redactions to local mailbox files may not be permanent. To ensure permanent remediation of mailbox files, deletion of offending emails through the mail client is recommended.
- Redaction is not available for all file types.
- Redaction can only occur if you have the appropriate write permissions for the file. Contact your system administrator if you do not have the appropriate access.
- Copy match item to clipboard: Will copy the match item to the clipboard, if you need to do further searching via another application.
Section 4 - After the Scan
If you want to perform another scan with the same settings, restart CUSpider.
After Spider closes, you will be asked if you want to save the "State Files" it generated. For your protection, the CUIT Infosec team recommends NOT saving the state files after every Scan/Remediation session. The State Files are a roadmap to potentially sensitive data and thus should only be saved if absolutely neccessary for future study. (See our Advanced Guide for more information on Spider State Files and the State File Eraser utility).