Patent attributes
Tainted files suspected to contain confidential data that are inaccessible to Data Loss Prevention (DLP) applications are detected and tracked on computers. An access detection module detects that an application has accessed a file that contains confidential information. A transformation detection module detects that the application wrote a transformed file that contains content inaccessible to the DLP application, where the transformed file is suspected to contain at least a portion of the confidential information. A signature module generates a signature for the transformed file containing the inaccessible content. The signature is stored in a signature database containing a plurality of signatures of transformed files. A comparison module compares the generated signature to files transmitted via a network, wherein the transmitted files contain content inaccessible to the DLP application. A transformed file detection module detects that the matched file is the transformed file in response to a comparison indicating that the signature matches a file transmitted via the network.
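The flow described above, as an added sketch that is not taken from the patent. It assumes SHA-256 as the signature and a byte-entropy threshold as the test for content the DLP application cannot read; the class, method and path names are hypothetical.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumption: bits/byte at or above this is opaque to DLP

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext and archives approach 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def is_inaccessible(data: bytes) -> bool:
    return entropy(data) >= ENTROPY_THRESHOLD

def constructed_opaque(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed sample input: deterministic high-entropy bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))

class TaintTracker:
    def __init__(self, confidential_paths):
        self.confidential = set(confidential_paths)
        self.tainted_pids = {}  # pid -> confidential paths that process has read
        self.signatures = {}    # signature -> (transformed path, source paths)

    def on_read(self, pid, path):
        """Access detection: note processes that open confidential files."""
        if path in self.confidential:
            self.tainted_pids.setdefault(pid, set()).add(path)

    def on_write(self, pid, path, data):
        """Transformation detection, then signature generation and storage."""
        sources = self.tainted_pids.get(pid)
        if not sources or not is_inaccessible(data):
            return None  # untainted writer, or content DLP can scan directly
        sig = hashlib.sha256(data).hexdigest()
        self.signatures[sig] = (path, frozenset(sources))
        return sig

    def check_outbound(self, data):
        """Comparison: look up an opaque outbound file in the signature database."""
        if not is_inaccessible(data):
            return None  # readable content is left to the ordinary DLP content scan
        return self.signatures.get(hashlib.sha256(data).hexdigest())

if __name__ == "__main__":
    t = TaintTracker({"/hr/salaries.xlsx"})      # constructed path
    t.on_read(101, "/hr/salaries.xlsx")
    blob = constructed_opaque(b"archive")
    t.on_write(101, "/tmp/export.bin", blob)
    print(t.check_outbound(blob))                # matched transformed file and its sources
    print(t.check_outbound(constructed_opaque(b"other")))  # no signature match
```

With an exact hash as the signature, only a byte-identical copy of the transformed file matches; a file that is re-encrypted or re-packed before transmission produces a different signature.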