Security :: Cornell Spider - Macintosh OS X

Spider is an open source network forensics tool developed at Cornell University to identify the presence of Personally-Identifiable Information (PII) on a computer. It scans for data such as Social Security, credit card, or bank account and routing numbers, and produces a list of files that may contain confidential data. Spider can then be used to:

  • Securely move or erase files
  • Move files to the Recycle bin
  • Mark the file, but retain it
  • Mark the file as a false positive

Download and Install Spider

  1. Download the Spider files.
  2. If necessary, double-click the Spider_OSX.dmg file to install Spider.
  3. Double-click the Spider_OSX icon to open the Spider_OSX folder. Double-click Spider to start the program.

Before You Begin

  • Do this: Empty the Trash or Recycle Bin.
    Because: Removes files you may have forgotten. Also, trash folders and the recycle bin aren’t always scanned by data discovery tools.
  • Do this: In your email program, empty the Trash folder. (In Eudora, compact mailboxes.)
    Because: Removes old mail that may have been deleted and forgotten.
  • Do this: Clear the cache and history from the web browser you use most.
    Because: Quite a lot of old personally identifiable information is found in browser caches, so this cleanup step should become part of a routine. (In Firefox, you can automate this process when you exit the application.)
  • Do this: Back up your system.
    Because: If you accidentally shred a document you later realize you need, you can retrieve it from the backup copy.

Scanning Fixed Drives

You may need to have administrative rights and the ability to launch Spider with administrative rights before you can run the scan.

  • In a Finder window, open the Applications folder, open the Spider folder, and then double-click Spider.
  • From the Spider menu, choose Preferences.
  • At a minimum, you should scan your entire computer and any attached drives.
    • To scan the entire machine, in the Start Directory box, enter / and then close the Preferences window.
    • To scan all user directories, in the Start Directory box, enter /Users and then close the Preferences window.

  • Click Run Spider.
    When Spider finishes the scan, a file called Spider.log is placed on your desktop.

  • Review the list of files in the Spider log.

Scanning External Drives

You can use Spider to scan the following:

  • External hard drives
  • Thumb drives
  • CDs and DVDs
  • Mounted disk images (servers mapped to a drive letter on your machine)

Note: You can run Spider while other applications are open. Spider does not scan open files, so be sure to close any files that should be included in the scan.

You may need to have administrative rights and the ability to launch Spider with administrative rights before you can run the scan. If you are scanning a folder on a server, you should map the server to a drive letter on your machine.

  1. On your desktop, double-click the icon for the external drive you want to scan. If the drive opens and you can see the contents, it is mounted properly and the scan should proceed normally.
  2. Make a note of the external drive name as shown on your desktop, for example CD_of_Old_Files. Names are case-sensitive.
  3. In a Finder window, open the Applications folder, open the Spider folder, and then double-click Spider.
  4. From the Spider menu, choose Preferences.
  5. In the Start Directory box, enter /Volumes/item_name, for example /Volumes/CD_of_Old_Files, and then close the Preferences window.

  6. Click Run Spider.
    When Spider finishes the scan, a file called Spider.log is placed on your desktop.

  7. Review the list of files in the Spider log.

Reviewing Scan Results

Spider for the Mac creates a file called Spider.log. The default application used to view the file is Console, but it's usually easiest to rename the file with a .csv extension and then open it in Excel.

The log file is likely to contain a number of false positive results, so pare down the list before you start checking individual files.

  • It's usually safe to ignore any file whose name contains /library.
  • Focus on files that are either Office documents or email.
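A triage pass over the log that applies the two rules above, as an added example that is not part of Spider or of the original page. The log layout is not shown here, so the code assumes comma-separated rows in which one field is an absolute path; the extension list and the sample rows are constructed. It treats Library as a whole folder name, and it keeps mail and Office files even under Library, because Apple Mail stores its mailboxes in ~/Library/Mail.

```python
import csv
import io
import os

# Assumption: extensions counted as "Office documents or email".
PRIORITY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf",
                 ".eml", ".emlx", ".mbox", ".mbx", ".pst"}

# Constructed sample rows; the real Spider.log columns may differ.
SAMPLE_LOG = """\
/Users/pat/Library/Caches/com.apple.Safari/Cache.db,SSN,3
/Users/pat/Documents/payroll_2009.xls,SSN,41
/Users/pat/Documents/Library fines.txt,CCN,1
/Users/pat/Library/Mail/INBOX.mbox/Messages/1042.emlx,SSN,2
/Users/pat/Downloads/readme.txt,CCN,1
/Users/pat/Documents/payroll_2009.xls,CCN,2
"""

def path_field(row):
    """Return the first field that looks like an absolute path, else None."""
    for field in row:
        field = field.strip()
        if field.startswith("/"):
            return field
    return None

def triage(log_text):
    """Split flagged paths into (review_first, review_later, ignored)."""
    first, later, ignored, seen = [], [], [], set()
    for row in csv.reader(io.StringIO(log_text)):
        path = path_field(row)
        if path is None or path in seen:   # header/blank row or repeat hit
            continue
        seen.add(path)
        lower = path.lower()
        if os.path.splitext(lower)[1] in PRIORITY_EXTS:
            first.append(path)             # Office or mail: always review
        elif "/library/" in lower:         # a folder named Library
            ignored.append(path)
        else:
            later.append(path)
    return first, later, ignored

if __name__ == "__main__":
    for label, paths in zip(("REVIEW FIRST", "REVIEW LATER", "IGNORED"),
                            triage(SAMPLE_LOG)):
        print(label, *paths, sep="\n  ")
```

To run it on a real scan, pass the contents of the Spider.log from your desktop to `triage()` and check the ignored list once by eye before discarding it.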

After you remove some of the obvious false positive files, check the list of files that were flagged as potentially containing confidential data:

  • If the file does not contain confidential data (false positive), you can ignore it.
  • If the file contains confidential data and you are sure you no longer need it, you should securely erase it. Put the file in the Trash, and then from the Finder menu, choose Secure Empty Trash.
  • If the file contains confidential data that you may need to continue storing on your computer, contact the Information Security Office for guidance.

Citations

Thanks to Cornell University for providing this tool. The most recent information concerning Cornell Spider for Macintosh may be found at http://www.cit.cornell.edu/services/spider/howto/mac/index.cfm
