This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."
The DD300 search capabilities are so robust and dynamic you'd be hard-pressed to come up with any form of structured or unstructured data that can't be found. You want SSNs? DOB? Address, state, ZIP formats? Need to search .pst files for emails with certain content or keywords? No problem.
The query can be enhanced by enabling different search features. Stemming recognizes an equivalence between multiple grammatical forms, such as "library" and "libraries." Phonics, synonyms and "fuzzy" searching features find close matches.
The results show the number of query hits, file name and type, network path, date created and date last modified.
In testing, our SSN search resulted in dozens of file matches in Excel spreadsheets, PDFs, and a PowerPoint file with an embedded chart.
One disappointment: We'd like to see NTFS file permissions rather than the document metadata, because the metadata in most documents is blank or inaccurate. This would help identify the data owner(s) for reporting or investigative purposes.
Reporting is not a strong point, although Deepdive has made some strides in providing a basic reporting function that's quick and easy to use and an effective tool for communicating with management.
The source information for reporting is taken directly from the column fields selected when viewing the results (number of query hits, file name and type, network path, etc.). So, you may need to revisit the columns you selected on the results view so the pertinent information you want is available to report on.
Reports can be exported to Excel or PDF, but the files are awkward and not succinctly formatted.
From discovery to indexing to searching and reporting, the DD300 is a versatile, intuitive and feature-rich data discovery device.
Testing methodology: We set up test file servers and workstations with data files across dozens of shares.
This was first published in November 2008