Identity theft has become more prevalent in recent years; about 10 million incidents occur each year.1 IT professionals must understand the need for personally identifiable information (PII) discovery to protect themselves and their company from the civil, legal and financial liabilities caused by data loss. As documents migrate to digital form from hard copy, sensitive personal information gets stored in a variety of places digitally. National and international laws are in place requiring companies to search for confidential data to ensure compliance. Some US examples include the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). At the state level in the US, New York State’s Disposal of Personal Records Law (2006) requires businesses to “properly dispose of records containing personal information,” implying that this information must be unreadable and unrecoverable. International privacy laws, many of which are more stringent than those in the US, require similar activity.2 To comply with these laws, security professionals use a variety of sensitive information discovery tools to find and remove readily available information stored on end-point devices. While current PII discovery tools can find information that is readily available, they are not capable of discovering information that has been encrypted, obfuscated, hidden, deleted or is otherwise unrecoverable. It is critical to note that the content and metadata of deleted files can be easily recovered using standard forensics tools. This paper will introduce computer forensics techniques to reveal sensitive data that are likely to be missed by PII tools, including data in RAM memory, graphics files, registry information or files marked as deleted.

Publication Date



Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in February 2014.

Document Type


Department, Program, or Center

Department of Computing Security (GCCIS)


RIT – Main Campus