How can I tell if an employee is divulging secure information when I don't know which application or method is being used?
Search for a sensitive word or words in Keystroke event recordings. Keystroke recording captures all key entries typed by users in any application: whether it's in an online browser, a command line, in a document, or in an application that no one else has installed. This scenario has you create a new chart to see users who most often type a "sensitive" word. Keep in mind, also, that you can modify the criteria and settings for any existing chart.
Create a new Quick View panel:
Select Quick View.
Create a "panel" to collect your custom charts by right-clicking in the left navigation pane and selecting New > Panel. Name the panel, then click the button in the empty panel to start a new chart.
Create a new chart:
Start the New Chart Wizard by clicking a "Click Here" button or right-clicking and selecting New > Chart. You will use the New Chart Wizard to create a Keystrokes chart. At Step 1 of the wizard, click Next.
At Step 2, select a Keystroke chart showing Top Users entering formatted keystrokes. At this point the chart shows only the top typists; you will specify your search terms later. Click Next.
At Step 3, choose a chart style (Horizontal Bars, Vertical Bars, or Pie Chart). Select 3-dimensional for this special effect and click Next.
At Step 4, click Next to keep the chart size at 1/4 page.
At Step 5, give the chart a title, and select the Customize Criteria Settings option to open the Criteria selection box as soon as the New Chart Wizard is done. The Criteria is where you will specify your search term(s). Click Finish.
Set the chart criteria:
Because you selected Customize Criteria Settings, the Criteria selection box appears after you close the New Chart Wizard box. Make sure the General Criteria has a reasonable time period selected.
Click the Event Criteria tab. Enter terms to search for. Select the Keystroke and Window Caption fields to search in, and include All Programs. See Event Keyword Search Rules for advanced search formats.
For example, if you use quotations around the phrase "client list," there must be an exact match to client list in either the Keystrokes or Window Caption search field. Selecting Include Partial matches would include client lists. The Search query "Client List" OR "client contract" would look for an exact match to either of those phrases. Click OK to set the Criteria, search the data, and view the chart.
View the chart:
The top typists of client list are reported in the chart. The chart bars represent number of keystrokes typed in the events where the search words were found.
Click on any bar in the chart to open an Event Window to the detailed data. From the "Navigate" pane, you can see in which application the words were typed (as below, in AIM - AOL Instant Messenger). Loading events into the Events grid allows you to explore the context and contents of the event. See Recorded Keystroke Events for a full discussion of the data returned in the Events window.
