ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Steps to get non-office files classification information

book

Article ID: 172829

calendar_today

Updated On:

Products

Information Centric Security

Issue/Introduction

How can we find non-office files classificaiton information

Resolution

ICT is able to place fingerprinting information on non-office files (e.g.: txt, wmv...) using Alternate Data Streams (ADS).

A company, using DLP, can take advantage of this labelling in order to trigger some DLP rules and leverage the use of the DLP.

This information is only stored on public, not encrypted, files.

Also, the fingerprinting information will only work on NTFS file systems and will be attached to the file until it is moved from the original system (e.g.: copied or moved to a different PC). So, this will work for information stored At Rest in a Windows NTFS file system.

In order to get this information, a user can do the following:

  1. Open a command Line in the folder where the file is (Shift + right click on an empty area will show up the Open command window here option; alternatively you can perform what is in the screenshot below)

      

   2. Now type notepad [filename]:RWClassification.txt (if the filename has spaces, you should surround it with quotation marks notepad "[filename]:RWClassification.txt"). On the example below: notepad "New Text Document.txt:RWClassification.txt"

    

 

    3. A txt file will show up with the classification information, as you can see in the image above

    4. Alternatively, he can just check for classification information filename attached to the file - the alternate data streams associated to the file (e.g.: dir "New Text Document.txt" /r)

    

Attachments