Spider is an open source network forensics tool developed at Cornell University to identify the presence of Personally-Identifiable Information (PII) on a computer. It scans for data such as Social Security, credit card, or bank account and routing numbers and produces a list of files that may contain PII.

Before You Begin

Depending on the number of files Spider needs to review, a scan can take several hours. While you should be able to continue working, it is recommended you run Spider at a time when you'll be away from your computer. Remember to lock your display when you are away from your computer. If you're scanning a laptop, plug the computer into an outlet to avoid the battery running out before the scan is completed. Note that installing Spider for Windows may require administrator rights on your computer.

You can speed up the scan by deleting temporary Internet files, cookies and history from your web browser(s).

Spider requires Microsoft .NET version 2.0 or higher. Follow the directions below to ensure you have the latest version installed.

Windows XP

1. Go to http://www.update.microsoft.com.
2. Click Custom. The update site will analyze your system. Click Review Other Updates. When the list of software appears, in the left-hand column, click Software, Optional.
3. Check to see if Microsoft .NET Framework version 2.0 is on the list. If it is, select it, and click Review and Install Updates.
4. Click Install Updates.
5. When the download and installation are complete, restart your computer.

Windows Vista

1. Go to http://www.update.microsoft.com.
2. Click View Available Updates
3. Check to see if Microsoft .NET Framework version 2.0 is on the list. If it is, select it, and click Review and Install Updates.
4. Click Install Updates.
5. When the download and installation are complete, restart your computer.

Windows 7

1. Open the Start menu
2. Select All Programs
3. Select Windows Update
4. Click Check for Updates
5. If Microsoft .NET does not appear on the list of available updates, you have the latest version. If it does appear, follow the on-screen instructions to install the update.

Installation

Download and run the Spider for Windows installer from http://www2.cit.cornell.edu/security/tools/Spider_Release_2008.zip. If you're asked whether you want to Run or Save the files, click Save. The program will be saved to the location you specify.

Open the Spider_Release_2008.zip folder, and then open the Spider_Release_2008 folder.

Double-click Spider4 to run the installation program. (This file may be named Spider4.msi.)

Follow the onscreen instructions. In the final window, click Close. Spider is now installed on your computer.

Configuring and Running Spider for Windows

• From the Start Menu, Choose All Programs – Spider4 – spider4.exe.
• A welcome screen may open giving you the following options:
  • Scan Assist (a simple scan wizard - just follow the directions)
  • Load Previous (allows you to load a previous unfinished or finished scan)
  • Just use Spider (gives more controllable scan options)
• If a scan has been done in the last hour, Spider will automatically "Load Previous", bypassing the welcome screen. The only way to change this behavior is to delete the previous scan file. Spider may also go directly to "Just use Spider". If you need to access Scan Assist, open the Tools menu and select Scan wizard.

By default, Spider scans the file types most likely to contain sensitive data, such as email, Office documents, PDFs, some database formats including Fox Pro, Access, and most dBase III/IV derivatives, archives including ZIP, GZip, and BZip, HTML, and legacy formats such as Quattro and Lotus 1-2-3.

To narrow the scope of the scan, select the area on your computer you need to review. Click the Settings menu and select the Scan Options tab. In the Start Directory field browse to or type in the folder where you would like Spider to start. You must select and run Spider on each drive separately.

After setting the starting point, run Spider by clicking the Spider button.

• If you're performing the scan during a time when you can view the progress, adjust the Spider window so that you can view the progress meter at the bottom left corner. Sometimes Spider may appear to have stalled, but this is generally not the case.
• On completion of the scan, Spider will list matches and/or false positives. Click on the plus sign beside any individual file to show the match(es) found in that file. Right click on the file to view a list of actions you can take:
  • Securely erase or move a file
  • Move the file to the recycle bin
  • Ignore the file as a false positive
  • Mark the file as a valid find but leave on the computer
  • Open the file
• Delete the scan file once cleaning is completed.

Citations

Thanks to Cornell University for providing this tool. The most recent information concerning Cornell Spider for Windows may be found at http://www2.cit.cornell.edu/security/tools/.