Hey,
Found some novell archived files in a computer that was connected to a network. They access their email via web interface so I'm trying to find the best way to get a specific email user's account/email content from the server.
What is the common procedure here? Do i image the whole server or partition? It's a huge server.
Any inputs is appreciated. Thanks
MC
First you (and we) need to know what email server they were/are using. The user computer could have a Novell client to access the primary server, but what were they using for email? Lotus Domino, MS Exchange, Groupwise ??
Is this a friendly job - as in you are working FOR the company that has the server or are you with the opposition. That may make a difference in how/what type of help you can get from them in getting that info.
-=ART=-
Hi 4n6art,
Apologies, totally forgot its groupwise. And i'm helping an agency analyze the emails. I dont work for the company.
MC
check with Paraben email examiner… I hope..
()-CADI-()
Hi Abdulcadir,
I've looked at Paraben network email examiner but am looking to get email off the server without purchasing a software if thats at all possible.
Thanks for the response though.
MC
MC!
Trial will work for 30 days and 23 time … also its amazing fast in searching
()-CADI-()
Hi Abdulcadir,
I've looked at Paraben network email examiner but am looking to get email off the server without purchasing a software if thats at all possible.
Thanks for the response though.
MC
That could be tough. You could try imaging the server and then virtualizing the image using VMWare. Connect a client machine to it and pull down the e-mails.
Of course, VMWare might necessitate buying software but it is another idea.
A number of other questions. Do you have 'log on' access to the Groupwise server? Or admin rights to the Groupwise server over the network? If you do have you considered exporting or backing up the relevant postoffice out to an external drive? Or failing that considered logging on to the network using a Windows Box, mapping a drive to the PostOffices and using FTK to image them out?
If the groupwise server is part of the Netware eDirectory you may be able to export/backup the emails via the user account as an option.
This article may assist you. http//
Failing that find a friendly Netware Administrator.
Bon chance
Jesterladd
@gkelley & @Jesterladd and everyone else,
I will try imaging as suggested. Currently am using encase as my main tool, what email forensic software are you guys using apart from paraben?
MC
MC,
The software I use depends on what task I want to get done. Apart from Paraben, I use FTK, NUIX Desktop or the native program.
Jesterladd