Document Review

Document Detective 2.0

This article can also be found in the Premium Editorial Download: Information Security magazine: Exclusive: Security salary and careers guide:

DOCUMENT REVIEW


Document Detective 2.0
SRS Technologies

Price: $300 for a single-user license

 

SRS Technologies' Document Detective

SRS Technologies' Document Detective ferrets out secrets before releasing documents.

 

It's tough enough for security personnel to review every outgoing document for sensitive information-- whether it's a pharmaceutical company's latest drug research, a military contractor's weapons development, or classified government material. But below the surface lies metadata and hidden changes, embedded images, and charts and tables that may contain embarrassing, even damaging, information.

SRS Technologies' Document Detective is an innovative product that assists in the review and sanitizing of Microsoft Office, Adobe Acrobat and other text documents before releasing them outside an organization.

While Document Detective's basic functionality relies on a standard keyword-matching algorithm, its true power lies in its advanced techniques, including the ability to detect text that is obscured by an image, table, or other object, as well as remnant data from Track Changes operations; we used this feature to detect text that was covered with an overlaid text box. Another powerful feature is its ability to detect cropped images and identify remnant data that appears to be deleted by the crop operation but is actually hidden from view. Document Detective also finds embedded OLE objects, such as hidden support data behind a chart generated from a Microsoft Excel workbook. You may see a pie chart, but Document Detective reveals the spreadsheet--with cells of confidential data--used to generate it.

Running Document Detective is simple: Start the application and open the document you wish to review. Document Detective processes the document (it took up to three minutes when working with a large document on an average desktop system) and provides a comprehensive tree view of the document attributes, highlighting areas that contain potential policy violations and require human review. We found that this feature worked well, and, while the entire document tree contains a large amount of information, the policy violation flags helped target our efforts.

Upon completing your review, you can switch over to the native document application using the "Send to Application" feature. You're then presented with a Document Detective toolbar within the original application, allowing you to review suspected policy violations. This process can be quite tedious, as you need to print a copy of the Document Detective results and use the numbering scheme to navigate within the original application. Additionally, the numbering scheme changes as you make edits, requiring you to start at the bottom of the document and work your way to the top.

Document Detective also provides reviewers with several scripts that may be used to automatically strip sensitive information from documents. For example, the "Auto Compress" function removes cropped areas from images, converts embedded OLE objects to images and compresses images to remove hidden details.

Our tests did reveal a flaw in the application: It does not provide full functionality when processing encrypted documents. When we opened an encrypted Word document with Document Detective, it started an instance of Word that prompted us for the document password. The application then successfully processed the encrypted document, but then failed when we attempted to use the "Send to Application" function.

In its current form, Document Detective provides security officials with a powerful tool that incorporates document-review best practices that otherwise require tedious manual checking. However, it needs a more robust interface before it can really be considered a mainstream product.

--MIKE CHAPPLE

 

This was first published in July 2006
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close