Presentation is loading. Please wait.

Presentation is loading. Please wait.

File Recovery and Forensics

Published byPearl Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "File Recovery and Forensics"— Presentation transcript:

1 File Recovery and Forensics
Novell Netware File Recovery and Forensics

2 What is Netware? Novell Netware is a network operating system that works on LDAP principles to offer users a robust platform for hosting files printers and other network related services.

3 History of Netware Early design in 1983
Designed to host files to DOS workstations First OS to use Network Drive Mapping to local workstations Propriety Designer of the IPX network interface Originally manufactured by the SuperSet Corporation bought by Novell in 1983 to support a Network OS for the hardware Novell was making at the time.

4 Netware Facts Website: www.novell.com Company/ developer: Novell, Inc.
Source model: Closed source Latest stable release: 6.5 SP6 / November 6, 2006 Kernel type: Hybrid kernel Default user interface: CLI License: Proprietary Working state: Current

5 Client / Server Interface
With the introduction of Netware 5 Novell Offers its users and administrators a never before seen level of off server management. Meaning that the majority of all work can be done without directly accessing the server through Console1 or Novell’s imanager software

6 Who uses Netware?

7 Who Likes Netware? Tony Does

8 Packet Encryption – How off Server administration works for Forensics
With Netware’s heavy inclusion of RSA standard encryption all transmission from the server to the client (including web clients) is encrypted insuring secure communication and data continuity

9 File Recovery Programs to Use: - NWFiler (Novell File Utility)
- Kroll Ontrack for Netware

10 Why not Disk Editor Norton Disk Editor was designed for FAT Partitions, without further testing there's no evidence to support what disk editor will do to a NFS

11 Filer On Console or via Network

12 Salvaging Files To Recover Files use the Salvage Deleted Files Option

13 To Recover Files from Directories that exist in the File system
To Recover Deleted Directories

14 Enter a Extension or leave as wildcard
Navigate to the Folder, Only deleted files and directories will appear in the file browser

15 MAC Information Confirmation

16 Recovered file is shown in the original directory

17 Filer Methodology Filer was originally intended to be a file browser for Netware administrators Filer can be used to recover files that have not been purged from the system (files are only purged when a administrator purges it using the “purge” option from the filer menu

18 When Files have been Purged
Must Be installed on Server – NLM Netware Loadable module Only accessed by the Server Console or RconsoleJ (Netware remote console with imanager) Use NetFile Option Kroll On track File Recovery for Netware

19 Selecting a Volume File Tree

20 Supported Recovery Destinations

21

22 First Response Tools to use: Novell Netware Client Novell NWADMIN
Novell Console 1 Novell Netware Client Novell NWADMIN Novell Imanager

23 Items to Record Time IP / IPX Configuration
Users Connected to the Server Server Running Processes MAC Times Console Commands Log Files

24 Time – Console To record the time from the system console simply execute the command “time”

25 Internet Protocol and IPX Configuration - Console
From the server console execute the command “ipconfig”

26 Internet Protocol and IPX Configuration – Remote
Open Console 1 Right Click on Server Object Under the general – Identification Tab the IP and IPX address are listed

27 Users connected to the server – Client variant
Novell Send Message Dialog To access the send message dialog left click on the N icon in the windows taskbar, expand the NetWare utilities and click the send message to users menu option                                                                                                                 

28 Users Connected to the Server – imanager variant
Launch imanager Click the connections menu item

29 Server Running Processes - Console
  To establish processes or programs running on the Netware server, first the user should login to the GUI environment on the server, the open the “remote console program” which simply provides a GUI version of the console, additionally it provides a more organized view for the various console functions. To cycle through the running processes click the screens menu option, this will illustrate the running programs, also if the examiner wishes to view the parameters in which the programs are running simply click on the option under the screens command 

30 Server Running Processes - imanager
Launch imanager Choose the “screens” command from the menu This will display all applications running on the server

31 MAC Times Map Volumes to local drives
Use DOS command to view mac times       

32 Console Commands To view recent commands that have been accessed on the server, the GUI Console LOG file will be used, to access the file click on the Utilities and “console log” item from the main menu The accompanying window will show all commands executed on the server

33 Log Files Log’s are stored in the system volume under the following path SYS: JAVA/NWGFX Must be logged in as admin to access this directory

34 The Lab: Setup Groups of 2 or 3 Two computers connected to a switch
One server, one investigative workstation Static Assigned IP addresses Server: , Workstation: ( )

35 Computer 1 : Server Open the VMWARE image of the server
Run the VMWARE image of the server

36 Computer 2: Investigative Machine
Option A Option B Install the following: Netware Client Console 1 Use the Vmware image

37 Accounts Tree CSI1 Context: Admin Server: Theserver Username: admin
Password: tcpip

Download ppt "File Recovery and Forensics"

Similar presentations

FILEMAKER SERVER SOFTWARE & REMOTE ADMINISTRATION

FILEMAKER SERVER SOFTWARE & REMOTE ADMINISTRATION
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.

VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
CSS Central: Central Management Utility Screen View Samples Next.

CSS Central: Central Management Utility Screen View Samples Next.
DNR-322L & DNR-326.

DNR-322L & DNR-326.
1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.

1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Lesson 15 – INSTALL AND SET UP NETWARE 5.1. Understanding NetWare 5.1 Preparing for installation Installing NetWare 5.1 Configuring NetWare 5.1 client.

Lesson 15 – INSTALL AND SET UP NETWARE 5.1. Understanding NetWare 5.1 Preparing for installation Installing NetWare 5.1 Configuring NetWare 5.1 client.
Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.

Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.
Chapter Nine NetWare-Based Networking. Objectives Identify the advantages of using the NetWare network operating system Describe NetWare’s server hardware.

Chapter Nine NetWare-Based Networking. Objectives Identify the advantages of using the NetWare network operating system Describe NetWare’s server hardware.
Chapter 10: Netware-Based Networking Network+ Guide to Networks Third Edition.

Chapter 10: Netware-Based Networking Network+ Guide to Networks Third Edition.
Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.

Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.

Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
Installing software on personal computer

Installing software on personal computer
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Similar presentations

Ads by Google