After a Data Loss Prevention incident occurs, OfficeScan logs the incident details in a specialized forensic database. OfficeScan also creates an encrypted file containing a copy of the sensitive data which triggered the incident and generates a hash value for verification purposes and to ensure the integrity of the sensitive data. OfficeScan creates the encrypted forensic files on the agent machine and then uploads the files to a specified location on the server.
The encrypted forensic files contain highly sensitive data and administrators should exercise caution when granting access to these files.
OfficeScan integrates with Control Manager to provide Control Manager users with the DLP Incident Reviewer or DLP Compliance Officer roles the ability to access the data within the encrypted files. For details about the DLP roles and access to the forensic file data in Control Manager, see the Control Manager Administrator’s Guide 6.0 Patch 2 or later.