My experience with Novell is very limited, and need to acquire an image of a live Novell server. Has anyone been successful with running Encase or FTK from a CD or USB to create a logical image? Were there any issues or did it work the same as usual.
thanks.
Ahh Novell.
This could be difficult, tell us more about the version of Novell, if recent memory serves they have become much more linux like (?).
Sorry, no F-Response for Novell, it's next to impossible to get information on the heritage platform any more.. but if my understanding is correct, and the Novell server you are looking at is largely linux based we may be able to help.
I havent tried to image a Netware server yet, but as a pointer you'll need a full Netware Client on the machine & a full Supervisor (3.x and below ) or Admin (4.x/5.x not sure on 6.x) to get access to the root of the Netware Volumes.
If you're looking for deleted files you'll need to check the deleted file retention settings at the console. Use set to view the configurable settings. and may be able to use the Salvage utility to view what deleted files are available
p
For Novell exams I start with Captain Nemo from Runtime Software.
Widely used by law enforcement personnel, forensic investigators as well as network administrators. Captain Nemo enables you to access any Novell, NTFS or Linux drive from your Windows computer without requiring a network setup.
Just connect the drive to your machine and Captain Nemo will automatically mount your Netware, NTFS or Linux partitions in Windows. You can read, search and view all your Novell/NT/Linux files and copy them to your Windows drive.
Mount images you previously created with another software, such as DD, RAID Reconstructor or GetDataBack. Captain Nemo can mount any raw image of a disk that was formatted with NTFS, Novell or Linux. Captain Nemo accepts raw images (.img), compressed raw images (.imc) and
virtual images (.vim).While Captain Nemo is not a data recovery tools in a strict sense, you can often use the Captain to mount an image or virtual image that you created with RAID Reconstructor. Once a RAID is reconstructed its file system is usually in good enough shape to be simply mounted in Captain Nemo, saving you many hours recovering your files.
Captain Nemo does not require the installation of any Netware, NTFS or Linux drivers, programs or files!
The foreign file system will be mounted automatically and you can copy files from it to the Windows partition.
Bithead
I hve used Nemo on a server that I could down, but Jason says he has to do it live.
p
Ooops. Missed the LIVE part of your post.
Ahh Novell.
This could be difficult, tell us more about the version of Novell, if recent memory serves they have become much more linux like (?).
Sorry, no F-Response for Novell, it's next to impossible to get information on the heritage platform any more.. but if my understanding is correct, and the Novell server you are looking at is largely linux based we may be able to help.
Are you saying, in this case its Netware 6.1, that with a linux-based Novell server, F-response can run in the background to perform a logical or physical collection of the data?
Jason,
Not sure, in theory everything should be fine, as we have a version of F-Response (Field Kit) for Linux (Beta).
However, I'm not sure if there are any Novell modifications to the base libraries that would cause issues, however with that being said I imagine if it didn't work that failure would be a simple "unable to execute" or "unable to locate disks" style of error, nothing overly dramatic.
If someone has a Novell (base linux) testing server and is interested in helping out let me know and I'd be happy to set up some manner of test.
Thanks!
M Shannon