Kevin Beaver's Security Blog

Neat tools to seek out sensitive files on laptops & websites

“Oh yeah, I forgot about all of those files.” I’ve never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I’ve mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to uncover files that are at risk on under-protected laptops – even the entire enterprise.

 Here’s a quick peek of what Identity Finder can uncover on a laptop:

Pretty eye-opening, huh? Especially if you find all of this information on an unencrypted laptop.

Check out Identity Finder. It’s one of those good bang for the buck tools that can help you with information discovery, classification, leakage prevention or just to simply make the case that PII or intellectual property are not being protected the way they should be.

There’s a related tool I recently came across that you should check out as well called FOCA. FOCA (more specifically FOCA Free) is a data gathering tool you can use to seek out sensitive files on websites you may be testing. It’s got a few little quirks but, compared to so many other free tools I try, it actually works. Here’s a screenshot of its interface:

I’m convinced that those of us in IT and infosec are no different than surgeons, carpenters or race mechanics. If we don’t have the right tools for the task, we’re not going to accomplish all we need to accomplish. Consider adding Identity Finder – and FOCA – to your arsenal. They can’t hurt!