Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, no.

Incydr Basic, Advanced, and Gov F1, no.

CrashPlan Cloud, no.

Retired product plans, no.

CrashPlan for Small Business, no.

Search file activity with Forensic Search

...

Forensic Search is a powerful search interface that enables security teams to monitor and investigate suspicious file activity. It is a tool for detecting and investigating insider risks, providing administrators with detailed visibility about files:
  • Stored on user devices, including files not selected for backup
  • Stored in corporate cloud services, such as Google Drive and Microsoft OneDrive
  • Synced to personal cloud services, such as Box, Dropbox, iCloud, and OneDrive
  • Moved to removable media
  • Sent as email attachments in Microsoft Office 365 and Gmail
  • Sent to printers (Mac and Linux only)

This enables security personnel to gain a clearer understanding of file activity throughout the organization.

This tutorial explains how to search for file activity to help answer questions such as:
  • What did a departing employee do before giving notice?
  • What files in your Microsoft OneDrive or Google Drive account have public links or have been shared with users outside your organization?
  • Are confidential or sensitive files being stored on devices that belong to unauthorized users?
  • Given the filename and/or MD5 or SHA256 hash of a file, does it exist in your organization? If so, who was the first user to possess it?
  • What file activity occurred during a security incident?
  • Is there evidence of attempts to cover up malicious activity (deleting files, changing extensions, etc.)?
  • What network interfaces were active on a device during a security incident?

For specific search examples, see .

...

Watch the video below to learn how to use Forensic Search to perform a search for file activity. For other videos in this series, see our .

For more videos, visit the University.

...

Considerations

...

Follow the steps in to enable File Exfiltration Detection for at least one organization in your .

...

  1. Sign in to the .
    You must have a role with permissions that allow access to .
  2. Select > Search.
  3. Choose a date range.
  4. Select a search filter.
  5. Select the search operator.
  6. Enter the search value.
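
The date range, filter, operator and value chosen in steps 3 to 6 can be modelled offline, as in this added Python example (not Code42 code and not the product's API; the event records and field names are constructed for illustration). It answers the "who was the first user to possess this hash" question from the list above and shows that the answer depends on the date range searched.

```python
from datetime import datetime, timezone

# Constructed sample events; field names are hypothetical, not the product's schema.
EVENTS = [
    {"ts": "2021-05-03T10:00:00Z", "user": "carol@example.com", "file": "plan.xlsx",
     "md5": "1" * 32, "exposure": ""},
    {"ts": "2021-06-28T09:14:00Z", "user": "alice@example.com", "file": "plan.xlsx",
     "md5": "1" * 32, "exposure": ""},
    {"ts": "2021-06-29T17:02:00Z", "user": "bob@example.com", "file": "plan-copy.xlsx",
     "md5": "1" * 32, "exposure": "removable media"},
    {"ts": "2021-06-30T08:45:00Z", "user": "bob@example.com", "file": "notes.txt",
     "md5": "2" * 32, "exposure": ""},
]

# Operators receive lower-cased strings; a missing field is compared as "".
OPERATORS = {
    "is": lambda actual, wanted: actual == wanted,
    "is not": lambda actual, wanted: actual != wanted,
    "contains": lambda actual, wanted: wanted in actual,
}

def utc(text):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def search(events, start, end, field, operator, value):
    """Apply the date range, then one filter/operator/value; oldest hit first."""
    match = OPERATORS[operator]
    hits = [e for e in events
            if utc(start) <= utc(e["ts"]) <= utc(end)
            and match(str(e.get(field, "")).lower(), value.lower())]
    return sorted(hits, key=lambda e: utc(e["ts"]))

def first_possessor(events, start, end, md5):
    """Earliest user seen with the hash inside the date range, or None."""
    hits = search(events, start, end, "md5", "is", md5)
    return hits[0]["user"] if hits else None

if __name__ == "__main__":
    end = "2021-06-30T23:59:59Z"
    # A June-only range and a wider range name different "first" users.
    print(first_possessor(EVENTS, "2021-06-01T00:00:00Z", end, "1" * 32))
    print(first_possessor(EVENTS, "2021-01-01T00:00:00Z", end, "1" * 32))
```

A date range that starts after the file first appeared names the wrong first possessor, so widen the range before drawing that conclusion.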

...
