±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 33842
New Yesterday: 1 Visitors: 158

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Novell Groupwise

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts

Novell Groupwise

Post Posted: Thu Oct 22, 2009 6:13 am

Hi guys.

I have to do an investigation involving Novell Groupwise emails. Is there anyone that has done investigations like this using FTK.  


Re: Novell Groupwise

Post Posted: Thu Oct 22, 2009 11:06 am

Unless something has changed in the newest version (which I have only started to play with), you will need some sort of intermediate step to read/extract the message store.  

Senior Member

Re: Novell Groupwise

Post Posted: Thu Oct 22, 2009 3:42 pm

Paraben's Network Email Examiner is a great choice for this, and pretty reasonably priced compared to enterprise options.
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 

Senior Member

Re: Novell Groupwise

Post Posted: Fri Oct 23, 2009 6:33 am


Thanks for the reply after some research IO found a program called Nexics that has software that allows you to view groupwise emails securely and forensically sound or thats what they claim I have requested triall version and will be giving feedback once I tested it out.

Have a great day SA is damn hot at the moment  


Re: Novell Groupwise

Post Posted: Fri Oct 23, 2009 12:42 pm

Are you wanting to analyze the workstation or the server? You won't find any GroupWise artifcats on the PC. GroupWise stores everything in the user's mailbox in the post office on the server. I use FTK in a Novell shop that uses GroupWise. When we get an email investigation we do it one of two ways.

1.The LAN group changes the password to their email account and I log into Novell as me and log into GroupWise as the user with the new password. We do this for currently existing email.

2.When we want to see email from the past we have the LAN group restore the appropriate tape backups to a storage area and then log into the user's GroupWise as them with the new password and restore the backup. Either way the user knows they are being investigated because they are not told the new password while we are looking at it.

I am not familiar with Nexics but I work for government and we are not allowed to buy stuff so I can't use it. I hope it does what you want.  

Senior Member

Re: Novell Groupwise

Post Posted: Fri Oct 23, 2009 12:47 pm

By the way, GroupWise normally remembers the last user to log in and brings it up. You will not be doing this on the user's computer and will need to change the user id from you to them. To force GroupWise to let you change it you go into properties for the icon the on the end of the executable you put a space and the letters /@u-? to bring up the dialog box. You can delete it when you are done.  

Senior Member

Page 1 of 1