Sensitive Number Finder (SENF) for Linux

The Sensitive Number Finder is a software tool that will locate potential Social Security Numbers and credit card numbers on your computer, including external hard drives, USB "thumb" drives, and AFS or NetFile space. It is important for you to run this tool on a routine basis to ensure that you are not storing sensitive numbers on your local hard drive.

After SENF completes it’s scan, you will have to review the scan results to determine if a pattern match actually is a sensitive number. In some circumstances other types of data can have the same formatting or contain numbers similar to SSNS. Depending on how many files you have, this scan and review of the results could take some time.
Some examples of files on your system that might contain Social Security or credit card numbers include performance reviews, tax forms, employment records, student grade lists, student papers, expense reimbursement forms, resumes & curriculum vitae, electronic receipts, stored web browser data, Pro Card information, personal budget information or bill paying information.

Please note that although SENF will run on Windows and MacOS systems, Windows and MacOS users should use Identity Finder.

Step 1: Download & Install the Sensitive Number Finder

 

  1. Make sure you have a current version of the Sun Java Runtime Environment (JRE) installed on your computer before you install Sensitive Number Finder.  If you are unsure which version of JRE is installed on your computer, you can find out by visiting: http://www.javatester.org/version.html
  2. Once you have the correct version of the Sun JRE installed, download the Sensitive Number Finder tool to your computer.
    • Click on the link above.
    • Login with your NetID and password.
    • Choose Save. Choose a location to save to.
    • Note for Linux & Unix users: the tool has been installed to the default path for Linux and Solaris 10 AFS users - these are just wrappers which go to the senf.jar file in /afs/nd.edu/i386_linux24/opt/und/local/src/senf.
  3. Double-click on the senf.jar file to open the Sensitive Number Finder.
    • If your operating system does not support mouse clicking to launch jar files, then the tool can be started from an operating system command line using the following command: "java -jar senf.jar" where "java" is the fully qualified local file system path to your locally installed Sun JRE executable java binary.

Step 2: How to Configure the Sensitive Number Finder

 

  1. Select the location to scan by clicking the Directory to Scan button or accept the default.
    • Please note: By default, the sensitive number finder only scans your home folder! If you want to scan your entire computer, any external storage devices such as USB "thumb" drives, your email, or your own AFS or NetFile space (a.k.a. H: or N: drives), you must configure the directory to scan setting!
    • For Linux and Unix users, scanning any directory that may contain user data is recommended – often /home or /usr.

      senf_directory2scan

  2. Changing the Options for the Sensitive Number Scan
    • Click the OPTIONS button to pick a new directory in which to store the log file and/or change the parameters of the scan.

      senf_toolbar

    • The options dialog box opens.

      senf_options

    • To choose a new directory for the log:
      • Click in the checkbox before Log results, click on the Log button, and then choose the new location.
    • To filter for files modified after a certain date:
      • Click in the checkbox before Last Modified and enter a date with the format YYYYMMDD.
    • To filter for files of a certain size:
      • Click the checkbox before Max File Size and enter a maximum file size. You may append a suffix multiplier to the number (no spaces) such as 'g' for gigs, 'm' for megs, 'k' for kilobytes, and nothing for bytes.
    • To lower the maximum number of matches per file:
      • Change the Max Matches number.  The default (and highest number allowed) is 3.
    • To access help:
      • Click the Help button to view a Help screen.
    • Click OK once you’ve chosen new attributes.

Step 3: Run the Sensitive Number Finder Scan

  1. On your first scan, run your scan by clicking Scan Lite. The time it takes to run a scan will vary depending on the size of your hard drive and the amount of data stored on it.

    senf_toolbar
  • Scan Deep - This choice will scan all files except system and binary types. You will want to use this for all of your scans after you go through an initial Scan Lite. Scan Deep searches for both formatted and unformatted Social Security Numbers and credit card numbers.
     
  • Scan Lite - This choice will scan only well known document file types (such as Excel, Word, WordPerfect, FileMaker, Access, etc.). It will perform a less thorough scan of your computer, but may be useful if you are getting a high number of false positives. Scan Lite ONLY searches for formatted Social Security Numbers and credit card numbers.
     
  • Cancel - Clicking this button will interrupt the scan and report any suspicious files found up to that point.
     

Step 4: Review the Scan Results & Take Action

  1. As your scan progresses, you can see the number of files being processed below the buttons.

    senf_results_toolbar
  2. Review the list of files. A list of files containing suspected sensitive numbers will appear in a table in scan file order. Each row in the table is a file that contains sensitive number PATTERNS.
     
  3. Determining which files are most likely to have sensitive data.

The Type and Match columns list the type of pattern found (either Social Security Number or Credit Card Number), and the value of the possible sensitive date.

  • Sorting Results: Clicking on any column header sorts the column in ascending (first click), descending (second click) or original order (third click).
  • Ranking Results: The rank column lists a score to help identify which files are most likely to contain real sensitive numbers - the higher the rank, the more likely a pattern is to be a real Social Security or credit card number.

    senf_results_general
     
  1. View the actual files for sensitive numbers. You may know that some of the files do not contain sensitive numbers just by the file name. Because the scan only looks for number patterns, it is likely that many of the numbers are not actually sensitive, so you should look at the files themselves if there is any possibility that they could contain sensitive numbers.
     
  2. Removing files you no longer need. If any files do contain sensitive data, and those files are not needed, you should delete them. To delete a file, click next to the file name in the Delete? column. A menu will appear. Choose Delete. The file will be marked for deletion.

    Check all of the files in the list of suspicious files and either mark them Keep or Delete. (Not marking a file will default to Keep.)
    senf_results_delete
     
  1. Eliminate sensitive numbers, but keep the file. If you need to retain the file for business reasons, find and open it, examine it for Social Security or credit card numbers, delete those numbers, and save the files.
     
  2. Once you have checked all the files, or all you wish to check at that time, click the Delete Files button at the top of the window

    senf_toolbar
     
  3. A message will appear warning you that this will delete the entire file(s), not just the sensitive numbers. It will also list all the files that will be deleted. If you wish to proceed, click Delete Files

    senf_confirm_delete
     
  4. Repeat the scan on any email folders or external storage devices, such as external hard drives or USB “thumb” drives, and on attached file space such as AFS (a.k.a. H: drives), NetFile, or Courseware. To reconfigure the tool to scan these external storage devices, return to Step 2: How to Configure the Sensitive Number Finder Tool.
     
  5. Once you have completed a Scan Lite and reviewed the results, it is HIGHLY recommended that you go back and run a Scan Deep to ensure that you have found and secured as many instances of sensitive data as possible.