Enterprise Recon 2.0.28

Local Storage and Local Memory

Local storage and local memory are included by default as available scan locations when adding a new server Target.

This section covers the following topics:

Local Storage

Local Storage refers to disks that are locally mounted on the Target server. The Target server must have a Node Agent installed.

You cannot scan a mounted network share as Local Storage.

To scan Local Storage:

  1. From the New Search page, Add Targets.
  2. In the Enter New Target Hostname field, enter the host name of the server.
  3. Click Test. If the host name is resolved, the Test button changes to a Commit button.
  4. Click Commit.
  5. In Select Types, select Local Storage. You can scan the following types of Local Storage:

    Local Storage Description
    Local Files

    To scan all local files:

    1. Select All local files.
    2. Click Done.

    To scan a specific file or folder:

    1. Click Customise next to All local files.
    2. Enter the file or folder Path and click + Add Customised.

    Local Shadow Volumes

    Windows only

    To scan all local shadow volumes:

    1. Select All local shadow volumes.
    2. Click Done.

    To scan a specific shadow volume:

    1. Click Customise next to All local shadow volumes.
    2. Enter the Shadow volume root and click + Add Customised.

    Local Free Disk Space

    Windows only

    Deleted files may persist on a system's local storage, and can be recovered by data recovery software. ER2 can scan local free disk space for persistent files that contain sensitive data, and flag them for remediation.

    To scan the free disk space on all drives:

    1. Select All local free disk space.
    2. Click Done.

    To scan the free disk space of a specific drive:

    1. Click Customise next to All local free disk space.
    2. Enter the drive letter to scan and click + Add Customised.

Local Process Memory

During normal operation, your systems, processes store and accumulate data in memory. Scanning Local Process Memory allows you to check it for sensitive data.

To scan local process memory:

  1. From the New Search page, Add Targets.
  2. In the Enter New Target Hostname field, enter the host name of the server.
  3. Click Test. If the host name is resolved, the Test button changes to a Commit button.
  4. Click Commit.
  5. In Select Types, select Local Memory > All local process memory.
  6. Click Done.

To scan a specific process or process ID (PID):

  1. From the New Search page, Add Targets.
  2. In the Enter New Target Hostname field, enter the host name of the server.
  3. Click Test. If the host name is resolved, the Test button changes to a Commit button.
  4. Click Commit.
  5. In Select Types, select Local Memory. Next to All local process memory, click Customise.
  6. Enter the process ID or process name in the Process ID or Name field.
  7. Click + Add Customised.