Running and Using CUSpider v.1.3.1 (Reilly)

Section 1: Running

Go to Start > CUSpider SSN Scanning > Run Spider Scan.

Screenshot of CUSpider being opened via the Start Menu

If you have existing scans, but no personal entropy key can be found, you will see one of two dialogs asking you how to handle the situation. If you have no entropy key, but also no detectable scans, then CUSpider will automatically generate an entropy key without asking.

CUSpider Screenshot of Dialog Box Warning No Entropy File Found
CUSpider Screenshot of Dialog Box Warning Of An Insecure Entropy File

Section 2: Starting a Scan

Screenshot of CUSpider which highlights the scan button
Screenshot of CUSpider, highlighting search results

Important Notes:

  • Any files open on your computer at this time will NOT be scanned.
  • This includes email clients such as Outlook or Thunderbird. CUSpider will scan the local mailbox files of most email clients, but the clients MUST be closed.

Section 3: Remediation (Clean Up)

CUSpider screenshot showcasing search results in treeview
CUSpider screenshot showcasing treeview context menu when a filename is highlighted

  • Open / Go to This Folder: Clicking on Open will open the file itself, while clicking on Go To This Folder will open up the folder where this file is stored in Windows Explorer.
  • Secure Move (not recommended): This will copy the file to another location and use Secure Erase to delete the original copy. 
  • Secure Erase (recommended): This is the recommended method for deleting files containing sensitive data. It uses special overwrite algorithms to prevent the file contents from being retrieved after deletion by most forensic software and retrieval programs.
  • Redact all matches in file: This will replace all instances of possible SSNs in the file with X's, assuming the file is of a type redactable by CUSpider.

* Make sure you have the appropriate file permissions to perform any of these actions. Contact your system administrator if you do not.

CUSpider screenshot highlighting checked results in tree view
CUSpider screenshot highlighting the use of Erase Checked in Action Bar
CUSpider screenshot highlighting the use of Move Checked in Action Bar
CUSpider screenshot highlighting the display of hits as subnodes to a filename in the treeview
CUSpider screenshot highlighting display of inbox name, and email subject and timestamp of a hit's location as subnodes of an email archive search result in the treeview
CUSpider screenshot highlighting the display of the specific filename of a hit's location within an archive (ZIP) file as subnodes in the treeview
CUSpider screenshot showing how clicking on a hit node in the treeview will display the context of the hit in the context bar.
CUSpider screenshot highlighting the context menu that appears when a hit node is right-clicked
  • What is this?: This will generate a dialog box with more specific information about where in the file the hit is located. 
    • In mailbox files, this will include the folder and subject title of the email message the hit was found in, as well as which attachment, if any.
  • Redact: Enabled only for supported file types. Gives you the option to redact the hit. This means that the suspected Social Security Number will be replaced with X's within the file. This allows you to retain the file without risk by removing the sensitive information.
Two screenshots, side by side, captioned Before and After, of the same text file opened in Notepad to illustrate CUSpider's redaction function. The left screenshot shows a sample Social Security Number. A superimposed arrow points from the sample SSN to the second screenshot of the same file, in which the sample SSN has been replaced with all X's.
    • Important Notes: 

      • Redactions to documents are PERMANENT and cannot be undone.
      • Redactions to local mailbox files may not be permanent. To ensure permanent remediation of mailbox files, deletion of offending emails through the mail client is recommended.
      • Redaction is not available for all file types.
      • Redaction can only occur if you have the appropriate write permissions for the file. Contact your system administrator if you do not have the appropriate access.
  • Copy match item to clipboard: Will copy the match item to the clipboard, if you need to do further searching via another application.
CUSpider screenshot displaying the checkbox of a filename node and its child nodes, depicting the hits inside the file, as checked
CUSpider screenshot showcasing the Redact Checked button in the Action Bar
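
The redaction described above (the digits of a suspected SSN replaced with X's, the rest of the file left as it was), as an added example in Python. It is not CUSpider's code; the candidate pattern, the plausibility rules and the function names are assumptions made for this illustration, and it handles plain-text files only.

```python
import os
import re

# Assumed candidate pattern (not CUSpider's): nine digits, either unseparated or
# split 3-2-4 by the same '-' or ' ', and not part of a longer digit run.
SSN_RE = re.compile(rb"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

def plausible(area, group, serial):
    """Reject values the SSA never issues: area 000, 666 or 9xx, group 00, serial 0000."""
    return (area not in (b"000", b"666") and not area.startswith(b"9")
            and group != b"00" and serial != b"0000")

def redact_bytes(data):
    """Return (redacted_data, hit_count); the digits of each hit become 'X'."""
    hits = 0
    def mask(m):
        nonlocal hits
        if not plausible(m.group(1), m.group(3), m.group(4)):
            return m.group(0)                    # SSN-shaped but cannot be one
        hits += 1
        return re.sub(rb"\d", b"X", m.group(0))  # keep separators and length
    return SSN_RE.sub(mask, data), hits

def redact_file(path):
    """Redact a plain-text file in place and return the hit count.

    The output has the same length as the input, so the file is overwritten
    at the same offsets and the program creates no second copy. Not reversible.
    """
    with open(path, "r+b") as fh:
        redacted, hits = redact_bytes(fh.read())
        if hits:
            fh.seek(0)
            fh.write(redacted)
            fh.flush()
            os.fsync(fh.fileno())
    return hits

# Constructed sample input, not real data.
SAMPLE = (b"SSN: 123-45-6789\nAlt: 321549876\n"
          b"Invalid: 000-12-3456\nOrder: 1234567890\n")

if __name__ == "__main__":
    out, n = redact_bytes(SAMPLE)
    print(n, "hit(s) redacted")
    print(out.decode())
```

Opening the file with "r+b" raises PermissionError when write access is missing, which is the situation the write-permission note above describes.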

Refer to our Tips On Remediation to help you decide which of the options listed (or another option) best addresses the security risks your search results represent. 

Section 4: After the Scan

CUSpider screenshot highlighting the Exit button on the toolbar.

Note: 
If you want to perform another scan with the same settings, restart CUSpider.

After Spider closes, you will be asked if you want to save the "State Files" it generated. For your protection, the CUIT Infosec team recommends NOT saving the state files after every Scan/Remediation session. The State Files are a roadmap to potentially sensitive data and thus should only be saved if absolutely necessary for future study. (See our Advanced Guide for more information on Spider State Files and the State File Eraser utility.)

Screenshot of CUSpider dialog box asking whether the user would like to save the Scan Results database