|
|
|
|
|
|
Document Tracking records several activities that are commonly associated with documents including: creating, opening to write, renaming, printing, and deleting files. You decide which drive type to monitor choosing from among local drives, network drives, and drives that have been mapped to different file devices (for example CD ROM, USB storage devices, floppy drives, zip drives).
Click here to view a screenshot.
At home, have you ever misplaced a file? Renamed a file and can't remember the new name? Want to know if homework was really sent to the printer? Wondering if family financial information being copied, printed or deleted? Document Tracking helps answer these questions.
At the office, intellectual property theft and the leaking of confidential company information has become an increasing security threat. Technology has made it relatively easy for almost any employee to copy important documents to removable media such as floppy disks, zip drives, CDs, DVDs, USB drives and memory sticks, or to print out these documents and transport them off company premises. The recording of document activity on a network drive can be a useful way of determining which user may have copied, deleted or modified an important network document.
|
|
By default, Document Tracking is enabled and records all five types of document activity (creating, opening to write, renaming, deleting and printing) to any file device defined as being removable or to CDs / DVDs. To learn more about the settings that affect what you view in this window, configure activity on specific drives, or add filters, see Document Tracking Settings. |
The Document Tracking event window uses a Navigate pane and a Details pane. Information displays in the lower Detail pane for the event(s) highlighted in the upper Navigate pane. You may change the order in which columns are arranged or how information is sorted within a column.
Navigate Pane (upper)
Each document tracking activity is considered one recorded event. Events are arranged in groups and sub groups and sub-sub groups, each of which is displayed like a branch on a tree. By default events are grouped first by date, although you may choose to group the events differently.
Click on the plus (+) sign, which then becomes a minus (-) sign, next to the Document Tracking icon to expand the tree and view each date for which activity was recorded.
Click on the plus (+) sign next to a date to expand the tree and view each drive / device for which activity was recorded on that date.
Click on the plus (+) sign next to the drive / device to expand the tree and view each instance of a program for which activity was recorded on that drive / device.
Detail Pane (lower)
Click the Details tab to view this pane. The Detail pane displays information for each recorded event(s) highlighted in the Navigate pane. By navigating up or down in the tree above, you display a wider or narrower view of events.
For example:
Select the icon at the top of the tree to display details for all document tracking activity that has been recorded.
Select a particular date, for example Tue, Aug 29, 2006, to display details for each program that had activity on that date.
Select a particular drive, for example C (Local), to display details for each program that had activity on that drive / device.
Select a particular program, for example Notepad, to display details only for that program.
The Details pane displays the following columns:
Time – The time the activity occurred, using the format MM/DD/YYYY HH:MM:SS AM/PM.
Program – The application (program) that was running and on which a specific activity was performed.
File Name – The name of the file where the activity occurred.
Drive Type – The type of device where the file activity occurred. The Drive Type may be Printer, Network, Removable, Local, CDROM, Other, and Unknown.
Action - Create, Delete, Edit (opening to write or renaming), or Print.
File Size – The size of the file where the activity occurred. Size is not provided for Printer activity.
Full Path - The entire Windows file path used for the file activity. For print activity this includes the full name of the print device. For UNC files, the full UNC path is provided.
Right-click in the column heading area and select any of the following additional columns for display:
User - The user logged in to Windows.
Computer - The name of the computer on which activity was recorded.
Media – A description of the type of file that was recorded. This is derived from the file extension and may not be available for all file types. For example, files with .doc extensions have a media type of document. The currently defined media types are Audio, Compressed, Document, Image, Application, Video, and Script.
Drive - The letter assigned to the specific drive.
The Document Tracking event window contains the following shortcuts:
Group by - Use this to customize the display of recorded data in the Navigate pane tree. You may select how data is grouped, and the order in which the groups appear in the tree. You can also determine the direction in which information is sorted (ascending or descending).
Jump to - Click to select a specific recorded event in the lower Detail pane and then jump to Snapshots or Keystrokes.
Search Document Tracking- Use Search to quickly locate a specific word or phrase. Search works like a filter displaying only the data that matches the search criteria.
Delete - Use Delete to remove one or more events.
The menu bar is specifically customized for Document Tracking.
The status bar contains the standard items.
Next you will review Keywords Detected.
