Lotus Notes Collect...
 
Notifications
Clear all

Lotus Notes Collection

24 Posts
9 Users
0 Likes
2,316 Views
 isth
(@isth)
Posts: 65
Trusted Member
Topic starter
 

Hi All,

We have a potential collection job coming up which involves the collection of multiple (~12) custodian hard drives along with each users' mail. The client has sparse details as of yet, but one of the things they mentioned is that their primary mail system is Lotus Notes. I have experience collecting from Exchange, either using Exmerge or copying the entire EDB, but I have never worked directly with Lotus Notes - besides using the trial version to view NSFs. Would someone be able to point me in the direction of methodology for collecting notes email? Is it just a dump of NSFs in a predetermined folder or something that requires an exmerge-esc utility?

Any insight would be appreciated.

Thanks!

 
Posted : 04/11/2010 1:05 am
(@jonstewart)
Posts: 47
Eminent Member
 

The nice thing about Lotus Notes is that it's NSFs on the client and it's NSFs on the server. Contrast that with Exchange/Outlook, where it's PSTs on the client and EDBs on the server. You don't have to worry about using an exmerge-like utility.

That's the only thing nice about Lotus Notes. It's otherwise hellacious to deal with. Lotus Notes itself is buggy, the file format is complex, the types of data it stores is very flexible–it's not just email–which means you have to figure out whether an organization is using custom forms and how best to produce that data, and tool support for Notes is generally not as good as for Outlook.

Oh, and encryption? Yeah, there's encryption. Notes has "ID" files, and you need those to decrypt the NSFs. I cannot remember at the moment whether there's a master escrow ID file (i.e., an administrator ID file). You're dead in the water if you don't collect these.

I'm not a Notes expert, so I don't want to comment beyond my expertise, but… do your homework and run through some trials before going onsite. It is not a forgiving, learn-as-you-go technology.

Jon

 
Posted : 04/11/2010 1:47 am
(@roncufley)
Posts: 157
Estimable Member
 

Jon is correct in that if you have the .nsf files you have all the data, the views, the forms……. everything. You can always be sure that you can carry out the extraction and analysis later. There should be at least one .nsf for each custodian which may be on the server or the workstation or both and may be replicated onto other servers. His point about the id files may or may not matter, if the .nsf files are encrypted then you need both the id files and the users' passwords; depending upon how the system is set up these may be available from the admins (or, indeed, they may not).

There is a further possible wrinkle in that it is permissible to have a single email repository like Exchange Server but this is very rarely used, if it does exist it will be encrypted as a virtual certainty.

Any questions - just ask.

Good luck
Ron

PS By the way, Lotus Notes is a wonderful system, don't listen to the detractors.

 
Posted : 04/11/2010 6:08 pm
 isth
(@isth)
Posts: 65
Trusted Member
Topic starter
 

Thanks so much for the replies, gents! We're scheduled to have a call with the client to obtain more details on the exact configuration in the near future. It does seem like this will be a fairly straight forward task though.

Thanks again for the feedback!

 
Posted : 04/11/2010 7:13 pm
gblack
(@gblack)
Posts: 28
Eminent Member
 

if you have the .nsf files you have all the data, the views, the forms……. everything

That's not 100% correct. A copy of the NSF can be made by an administrator in which you don't get design elements, only documents. Make sure this doesn't happen. Often the Notes admin can make a physical copy of the NSF directly from the server and get everything. NSFs from a Notes server are typically not encrypted, and once you have a local copy permissions are ignored. If you get one of these, you MUST double check and make sure it opens after you receive the copy. I have seen NSFs get corrupted from physical copies off of Notes servers, especially when the files are active mailboxes in use.

If you're collecting from the desktop or home/group shares, this is where you have to worry about the ID files and passwords.

PS By the way, Lotus Notes is a wonderful system, don't listen to the detractors.

Bah, humbug! The Notes dev API is as screwed up as they come. Someone put very little forethought into the design of it and developers pay the price. Notes is the devil! )

 
Posted : 04/11/2010 9:35 pm
(@roncufley)
Posts: 157
Estimable Member
 

if you have the .nsf files you have all the data, the views, the forms……. everything

That's not 100% correct. A copy of the NSF can be made by an administrator in which you don't get design elements, only documents.

I think that one can say that it is axiomatic that if a copy is made that intentionally leaves things out then those things that are left out will not be in the copy, I didn't realise that I had to specify that. (We are talking forensics here aren't we?)

<…..> and once you have a local copy permissions are ignored.

Perhaps or should I say often?

PS By the way, Lotus Notes is a wonderful system, don't listen to the detractors.

Bah, humbug! The Notes dev API is as screwed up as they come. Someone put very little forethought into the design of it and developers pay the price. Notes is the devil! )

Workmen and tools?

 
Posted : 04/11/2010 10:31 pm
gblack
(@gblack)
Posts: 28
Eminent Member
 

I think that one can say that it is axiomatic that if a copy is made that intentionally leaves things out then those things that are left out will not be in the copy, I didn't realise that I had to specify that. (We are talking forensics here aren't we?)

I don't think we are, actually. This sounds like an eDiscovery collection to me. There's more than one way to get a "copy" of a Notes mailbox. Since the OP is obviously unfamiliar, I'd rather give more information than less.

 
Posted : 04/11/2010 11:09 pm
 isth
(@isth)
Posts: 65
Trusted Member
Topic starter
 

To add, the collection is for the purposes of eDiscovery, yes. We typically make dd images of custodian desktop drives (which would encompass any NSFs that may exist on the users machine) AND we collect all mail from the mail servers for the applicable users. This approach is typically highly duplicative but it ensures we have the most complete dataset, since e-mail is often of the most interest and it's really easy for someone to tamper with email on their own machine.

Appreciate the additional info.

 
Posted : 05/11/2010 12:20 am
(@roncufley)
Posts: 157
Estimable Member
 

(We are talking forensics here aren't we?)

I don't think we are, actually. This sounds like an eDiscovery collection to me.

This raises an interesting question, is this not a distinction without a difference? Forensics is producing evidence to place before the Court and eDiscovery is producing evidence to place before the Court. I appreciate the the tools and techniques might not be the same but do we not have to exercise the same care and attention to detail? Can we really afford to say, "Oh those records are probably missing because I might not have copied the whole file," just because it is "only" eDiscovery? I think not, what do others think?

 
Posted : 05/11/2010 2:39 am
(@mbarnes86)
Posts: 5
Active Member
 

Hi

About a Year ago my employer went over to Outlook & Exchange Server from Lotus Notes and Lotus Domino Server so my recollection maybe a bit hazy
There were several thousand users with many Notes servers

The domino servers (Win 2003) had 1 nsf file per user,.
The users U (users private area on login server) had some data and identity files
and the Local PC had some files and data copied from the U when the user first used Notes on a PC these were updated while the Notes Client was in use.
The server notes files were compacted by a process which ran each night
to remove deleted messages

smaller systems may be less complex

regards
Mike Barnes

 
Posted : 05/11/2010 3:19 am
Page 1 / 3
Share: