Novell Netware
File Recovery and Forensics
What is Netware?
• Novell Netware is a network operating system that works on LDAP principles to offer users a robust platform for hosting files, printers, and other network-related services.
History of Netware
• Early design in 1983
• Designed to host files to DOS workstations
• First OS to use Network Drive Mapping to local workstations
• Proprietary designer of the IPX network interface
• Originally manufactured by the SuperSet Corporation, bought by Novell in 1983 to support a Network OS for the hardware Novell was making at the time.
Netware Facts
Website: www.novell.com
Company/developer: Novell, Inc.
Source model: Closed source
Latest stable release: 6.5 SP6 / November 6, 2006
Kernel type: Hybrid kernel
Default user interface: CLI
License: Proprietary
Working state: Current
Client / Server Interface
• With the introduction of Netware 5, Novell offers its users and administrators a never-before-seen level of off-server management, meaning that the majority of all work can be done without directly accessing the server, using Console1 or Novell’s imanager software.
Who uses Netware?
Who Likes Netware?
Tony Does
Packet Encryption – How off Server administration works for Forensics
• With Netware’s heavy inclusion of RSA standard encryption, all transmission from the server to the client (including web clients) is encrypted, ensuring secure communication and data continuity
File Recovery
Programs to Use:
- NWFiler (Novell File Utility)
- Kroll Ontrack for Netware
Why not Disk Editor
• Norton Disk Editor was designed for FAT partitions; without further testing there is no evidence to show what Disk Editor will do to an NFS
Filer
• On Console or via Network
Salvaging Files
To Recover Files use the Salvage Deleted Files Option
To Recover Files from Directories that exist in the File system
To Recover Deleted Directories
Enter an extension or leave as wildcard
Navigate to the folder; only deleted files and directories will appear in the file browser
MAC Information Confirmation
Recovered file is shown in the original directory
Filer Methodology
• Filer was originally intended to be a file browser for Netware administrators
• Filer can be used to recover files that have not been purged from the system (files are only purged when an administrator purges them using the “purge” option from the Filer menu)
When Files have been Purged
• Kroll Ontrack File Recovery for Netware
• Must be installed on the server as an NLM (Netware Loadable Module)
• Only accessed by the Server Console or RconsoleJ (Netware remote console with imanager)
• Use NetFile Option
Selecting a Volume File Tree
Supported Recovery Destinations
First Response
Tools to use:
• Novell Console 1
• Novell Netware Client
• Novell NWADMIN
• Novell Imanager
Items to Record
• Time
• IP / IPX Configuration
• Users Connected to the Server
• Server Running Processes
• MAC Times
• Console Commands
• Log Files
Time – Console
• To record the time from the system console simply execute the command “time”
Internet Protocol and IPX Configuration - Console
• From the server console execute the command “ipconfig”
Internet Protocol and IPX Configuration – Remote
• Open Console 1
• Right Click on Server Object
• Under the general – Identification Tab the IP and IPX address are listed
Users connected to the server – Client variant
• Novell Send Message Dialog
To access the send message dialog, left-click on the N icon in the Windows taskbar, expand the NetWare utilities and click the send message to users menu option
Users Connected to the Server – imanager variant
• Launch imanager
• Click the connections menu item
Server Running Processes - Console
To establish which processes or programs are running on the Netware server, the user should first log in to the GUI environment on the server, then open the “remote console program”, which simply provides a GUI version of the console and a more organized view of the various console functions. To cycle through the running processes, click the screens menu option; this will show the running programs. If the examiner wishes to view the parameters with which the programs are running, simply click on the option under the screens command.
Server Running Processes - imanager
• Launch imanager
• Choose the “screens” command from the menu
• This will display all applications running on the server
MAC Times
• Map Volumes to local drives
• Use DOS command to view MAC times
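The MAC-time step above as an added example, not from the original slides: a Python script run on the investigative workstation that walks a volume already mapped to a drive letter and writes each file's modified, accessed and created times to a CSV stamped with the collection time. The drive letter F:\ and the output file name are assumptions; the timestamps are whatever the client's drive mapping reports for the volume.

```python
import csv
import os
from datetime import datetime, timezone

def iso_utc(epoch):
    """Format an epoch timestamp as ISO 8601 in UTC."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def collect_mac_times(root):
    """Return one record per file under `root` with its MAC times.
    Only metadata is queried; file contents are never opened."""
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order so the record is repeatable
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError as exc:
                # Keep unreadable entries in the record instead of skipping them.
                records.append({"path": path, "error": str(exc)})
                continue
            # Creation time: st_birthtime where the platform exposes it, otherwise
            # st_ctime (creation time on Windows, metadata-change time on Unix).
            created = getattr(st, "st_birthtime", st.st_ctime)
            records.append({
                "path": path,
                "size": st.st_size,
                "modified": iso_utc(st.st_mtime),
                "accessed": iso_utc(st.st_atime),
                "created": iso_utc(created),
            })
    return records

def write_record(records, out_path):
    """Write the records to CSV, stamped with the examiner's collection time."""
    collected = iso_utc(datetime.now(timezone.utc).timestamp())
    fields = ["collected_at", "path", "size", "modified", "accessed", "created", "error"]
    with open(out_path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=fields, restval="")
        writer.writeheader()
        for rec in records:
            writer.writerow({"collected_at": collected, **rec})
    return len(records)

if __name__ == "__main__":
    # F:\ is an assumed drive letter mapped to the server volume; the CSV goes to local storage.
    print(write_record(collect_mac_times("F:\\"), "mac_times.csv"), "files recorded")
```

Write the CSV to the workstation's own disk rather than to the mapped volume, so the collection does not add files to the evidence.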
Console Commands
To view recent commands that have been run on the server, use the GUI Console LOG file. To access the file, click on the Utilities and “console log” item from the main menu.
The accompanying window will show all commands executed on the server.
Log Files
• Logs are stored in the system volume under the following path
• SYS: JAVA/NWGFX
• Must be logged in as admin to access this directory
The Lab: Setup
• Groups of 2 or 3
• Two computers connected to a switch
• One server, one investigative workstation
• Static Assigned IP addresses
• Server: 172.16.0.6, Workstation: 172.16.0.7 (255.255.0.0)
Computer 1 : Server
• Open the VMWARE image of the server
• Run the VMWARE image of the server
Computer 2: Investigative Machine
Option A: Install the following:
• Netware Client
• Console 1
Option B: Use the Vmware image
Accounts
Tree: CSI1
Context: Admin
Server: Theserver
Username: admin
Password: tcpip