“Oh yeah, I forgot about all of those files.” I’ve never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I’ve mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to uncover files that are at risk on under-protected laptops – even the entire enterprise.
Here’s a quick peek of what Identity Finder can uncover on a laptop:
Pretty eye-opening, huh? Especially if you find all of this information on an unencrypted laptop.
Check out Identity Finder. It’s one of those good bang for the buck tools that can help you with information discovery, classification, leakage prevention or just to simply make the case that PII or intellectual property are not being protected the way they should be.
There’s a related tool I recently came across that you should check out as well called FOCA. FOCA (more specifically FOCA Free) is a data gathering tool you can use to seek out sensitive files on websites you may be testing. It’s got a few little quirks but, compared to so many other free tools I try, it actually works. Here’s a screenshot of its interface:
I’m convinced that those of us in IT and infosec are no different than surgeons, carpenters or race mechanics. If we don’t have the right tools for the task, we’re not going to accomplish all we need to accomplish. Consider adding Identity Finder – and FOCA – to your arsenal. They can’t hurt!
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”