Information leaks are a constant worry for companies and government organizations. After a leak occurs it is very important for the data owner to not only determine the extent of the leak, but who originally leaked the information. We propose a technique to extend data provenance to aid in determining potential sources of information leaks. While data provenance is commonly defined as the ancestry of a file or document, the ancestry recorded depends on the provenance collector. Instead of only recording where a file or document came from, we propose to also track when and where a file or document leaves the system. To track these departures, we suggest the use of ghost objects when a file is either written to a mounted external storage device or copied to a client machine via NFS or any other network interface such as SSH or FTP. In this talk, we present our solution for tracking emigrant data and explain the minor changes to current provenance-aware storage systems required to enable our solution.