±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 13
Overall: 26959
Visitors: 51

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Novell Groupwise

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Novell Groupwise

Post Posted: Thu Oct 22, 2009 1:13 am

Hi guys.

I have to do an investigation involving Novell Groupwise emails. Is there anyone that has done investigations like this using FTK.  

Velandra
Newbie
 
 
  

Re: Novell Groupwise

Post Posted: Thu Oct 22, 2009 6:06 am

Unless something has changed in the newest version (which I have only started to play with), you will need some sort of intermediate step to read/extract the message store.  

BitHead
Senior Member
 
 
  

Re: Novell Groupwise

Post Posted: Thu Oct 22, 2009 10:42 am

Paraben's Network Email Examiner is a great choice for this, and pretty reasonably priced compared to enterprise options.
_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 

armresl
Senior Member
 
 
  

Re: Novell Groupwise

Post Posted: Fri Oct 23, 2009 1:33 am

Hi

Thanks for the reply after some research IO found a program called Nexics that has software that allows you to view groupwise emails securely and forensically sound or thats what they claim I have requested triall version and will be giving feedback once I tested it out.

Have a great day SA is damn hot at the moment  

Velandra
Newbie
 
 
  

Re: Novell Groupwise

Post Posted: Fri Oct 23, 2009 7:42 am

Velandra,
Are you wanting to analyze the workstation or the server? You won't find any GroupWise artifcats on the PC. GroupWise stores everything in the user's mailbox in the post office on the server. I use FTK in a Novell shop that uses GroupWise. When we get an email investigation we do it one of two ways.

1.The LAN group changes the password to their email account and I log into Novell as me and log into GroupWise as the user with the new password. We do this for currently existing email.

2.When we want to see email from the past we have the LAN group restore the appropriate tape backups to a storage area and then log into the user's GroupWise as them with the new password and restore the backup. Either way the user knows they are being investigated because they are not told the new password while we are looking at it.

I am not familiar with Nexics but I work for government and we are not allowed to buy stuff so I can't use it. I hope it does what you want.  

paul206
Senior Member
 
 
  

Re: Novell Groupwise

Post Posted: Fri Oct 23, 2009 7:47 am

By the way, GroupWise normally remembers the last user to log in and brings it up. You will not be doing this on the user's computer and will need to change the user id from you to them. To force GroupWise to let you change it you go into properties for the icon the on the end of the executable you put a space and the letters /@u-? to bring up the dialog box. You can delete it when you are done.  

paul206
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 1