11 Mar 2016

11 Mar 2016

How Seeker Scans


Local and SMB File Scanning
(for thorough sensitive data scanning and permission scanning):

Rather than reinventing the wheel, Seeker uses a built-in component of Microsoft Windows called IFilters to scan the contents of most files.  IFilters are the very same mechanism Microsoft’s Windows Search uses to convert and read the contents of files as plain text when indexing them.  For some other file formats, Seeker uses its own internal read methods, and still other unidentified formats can fall back to reading a file as plain text.

Because of the use of IFilters, Seeker is extremely extensible, as IFilters for file formats a customer may use can be installed even if the file format is relatively uncommon – Using this approach instead of trying to read the file as plain text will increase legitimate matches and decrease false positives.  If you install any additional IFilters for desired file formats to be targeted on the machine performing the scan, Seeker will utilize them if you have added the file extension to your list of file extensions to scan.

Scanning a Large Number of Targets Quickly:

Seeker can use one of three methods to scan a large number of targets very quickly, as illustrated below.