Forensics

The Forensics tab shows information about the original transaction.

For data loss prevention incidents that occurred on an email or a mobile channel, it displays the message subject, from, to, attachments, and message body. You can click links for details about the source or destination of the incident, such as email address, manager, and manager’s manager. You can retrieve thumbnail photos, if configured. You can also open attachments. The bottom portion of the incident screen displays the message body.

For data loss prevention incidents that occurred on a Web channel, the forensics could include the URL category property.

For discovery incidents, forensics includes the hostname and file name.

Use the Show as field to select how you want the text displayed: Marked HTML, plain text, or HTML.

Marked HTML includes the HTML markup language. HTML does not.

Forensics are stored in the \forensics_repository\data directory on the management server.

Note that the extracted text may appear slightly different from channel to channel. This is due to the way the policy engine works in different environments.