To help protect you from data loss, you can use Code42 Forensic File Search to monitor files moving to and from data sources such as cloud services (for example, Box, Google Drive, and OneDrive), or attachments sent through email services (such as Office 365 Outlook).
When you add a cloud service as a data source, Forensic File Search monitors the data source to capture when a user:
- Creates a file
- Shares a file
- Deletes a file
- Modifies a file
When you add an email service as a data source, Forensic File Search monitors the data source to capture file and message information about the attachments that users have emailed to recipients.
This article provides a brief introduction to adding data sources.
- You can register a G Suite or Microsoft 365 account in a single Code42 environment only:
- Once as a cloud service, to monitor file movement in Google Drive or OneDrive locations
- Once as an email service, to monitor file attachments emailed from Gmail or Office 365 Outlook accounts
- You can only register a G Suite or Microsoft 365 account for one Code42 environment at a time. For example, you cannot register a OneDrive cloud service in one Code42 environment and an Office 365 DLP email service in another Code42 environment when both belong to the same Microsoft 365 account.
- You can register two (or more) unique G Suite or Microsoft 365 accounts as long as these accounts are not associated in any way.
- Code42 only monitors one domain in a G Suite account even though multiple domains may exist in that account. Code42 monitors only the domain associated with the administrator email address that was used to register the Google Drive or Gmail data source.
Before you add data sources
Before you can add data sources, you must configure Forensic File Search. For directions, see Configure Forensic File Search.
Add data sources
You can add the following data sources in the administration console from Investigation > Data Sources:
After adding data sources
Once you add a data source, file information for the data source is available in Forensic File Search. Use Forensic File Search to search the data:
If you want to stop collecting data from a data source, deauthorize it.