Documentation

Leak Detection

How to detect and trace leaked documents back to their source

PDF Ghost's leak detection feature allows you to identify the original recipient of a leaked document by analyzing the embedded fingerprints.

How Leak Detection Works

When you create a job, PDF Ghost embeds unique, invisible fingerprints in each recipient's copy. If a document is leaked, you can:

  1. Upload the leaked PDF
  2. PDF Ghost extracts the fingerprint
  3. Identifies the original job and recipient
  4. Provides complete audit trail

Starting a Leak Check

Step 1: Access Leak Check

From your organization dashboard:

  1. Click Leak Check in the sidebar
  2. Or use the Check for Leak button in the top menu

Step 2: Upload Suspicious PDF

  1. Click Choose File or drag and drop
  2. Upload the potentially leaked document
  3. Wait for the upload to complete

The system accepts:

  • PDFs (size limits apply based on your plan)
  • Documents that were fingerprinted by PDF Ghost
  • Partial or complete documents

Step 3: Start Analysis

  1. Click Analyze Document
  2. Processing typically takes 30 seconds to 2 minutes
  3. Results appear automatically when ready

Understanding Results

Fingerprint Found

If a fingerprint is detected, you'll see:

Job Information:

  • Original job name
  • Date the job was created
  • Number of total recipients

Recipient Details:

  • Email or name of the recipient
  • Date the artifact was generated
  • Download timestamp (if available)

Evidence:

  • Extracted fingerprint data
  • Match confidence level
  • Link to view original job

No Fingerprint Detected

Possible reasons:

  • Document wasn't fingerprinted by PDF Ghost
  • Document was heavily modified or converted
  • Fingerprint was successfully removed
  • Wrong organization (document from another account)

Partial Match

Sometimes you may see a partial match:

  • Document was modified after distribution
  • Some pages were removed or reordered
  • Fingerprint is partially intact
  • Confidence level indicates reliability

What to Do After Detection

Document the Leak

  1. Download the evidence report
  2. Note the date you discovered the leak
  3. Save the original leaked document
  4. Document where/how you found it

Internal Investigation

Use the information to:

  • Contact the recipient privately
  • Investigate potential breach
  • Review distribution procedures
  • Assess damage and exposure

The leak check results provide:

  • Technical evidence of source
  • Audit trail of distribution
  • Timestamp information
  • May support legal action (consult lawyer)

Leak Check Best Practices

When to Use Leak Check

  • Document appears online unexpectedly
  • Confidential info was shared inappropriately
  • Investigating potential data breach
  • Verifying distribution compliance

What NOT to Do

  • Don't confront recipient without full investigation
  • Don't make assumptions without complete evidence
  • Don't rely solely on automated results for legal action
  • Don't forget to consult legal counsel

Preventive Measures

  • Use visible watermarks as deterrent
  • Educate recipients about confidentiality
  • Track distribution carefully
  • Review access controls regularly

Privacy and Security

Your Data

  • Leak check results are private to your organization
  • Only organization admins can perform leak checks
  • Access to related jobs follows job privacy rules:
    • USER jobs: job owner and organization owner/admin
    • ORGANIZATION jobs: organization members
  • All checks are logged in audit trail
  • Uploaded PDFs are deleted after analysis

Evidence Retention

  • Results are stored with the original job
  • Follows your plan's retention policy
  • Can be exported as needed
  • Automatically deleted after retention period

Limitations

What Leak Detection Can't Do

  • Detect documents not fingerprinted by PDF Ghost
  • Identify leaks if fingerprints were expertly removed
  • Trace documents across format conversions (PDF → Word)
  • Identify recipients if document was heavily edited

Technical Limitations

  • Requires original fingerprint to be intact
  • Works best with unmodified documents
  • May fail with extreme compression
  • Cannot detect screenshots or photos of pages

Troubleshooting

"No Fingerprint Found"

  1. Verify the document was fingerprinted by your organization
  2. Check if it's from an old job that expired
  3. Confirm the PDF wasn't completely regenerated
  4. Try uploading the full document (not partial pages)

"Analysis Failed"

  • File may be corrupted
  • PDF might be password-protected
  • File size too large
  • Try again or contact support

"Ambiguous Results"

  • Document may have been modified significantly
  • Multiple possible matches detected
  • Contact support for manual analysis
  • Provide additional context about the leak

Next Steps

Leak Detection | Documentation | PDF Ghost