Novell Netware is a network - theforcenet.ca

dargspur, Networks and Communications

27 Oct 2013 (4 years and 13 days ago)


Novell Netware

File Recovery and Forensics

What is Netware?


Novell Netware is a network operating
system that works on LDAP principles to
offer users a robust platform for hosting
files, printers and other network-related
services.

History of Netware


Early design in 1983


Designed to host files to DOS workstations


First OS to use Network Drive Mapping to local
workstations


Proprietary designer of the IPX network interface


Originally manufactured by the SuperSet
Corporation, bought by Novell in 1983 to support
a network OS for the hardware Novell was
making at the time.


Netware Facts

Website: www.novell.com

Company / developer: Novell, Inc.

Source model: Closed source

Latest stable release: 6.5 SP6 / November 6, 2006

Kernel type: Hybrid kernel

Default user interface: CLI

License: Proprietary

Working state: Current

Client / Server Interface


With the introduction of Netware 5, Novell
offers its users and administrators a
never-before-seen level of off-server
management, meaning that the majority of
all work can be done without directly
accessing the server, through Console1 or
Novell’s imanager software.

Who uses Netware?

Who Likes Netware?

Tony Does

Packet Encryption


How off-server
administration works for forensics


With Netware’s heavy inclusion of RSA standard
encryption, all transmission from the server to the
client (including web clients) is encrypted, ensuring
secure communication and data continuity.

File Recovery

Programs to Use:

- NWFiler (Novell File Utility)

- Kroll Ontrack for Netware

Why not Disk Editor


Norton Disk Editor was designed for FAT
partitions; without further testing there is no
evidence to support what Disk Editor will
do to an NFS.



Filer


On Console or via Network

Salvaging Files

To recover files, use the Salvage Deleted Files option

To recover files from directories that exist in the file system

To recover deleted directories

Enter an extension or leave as wildcard

Navigate to the folder; only deleted files
and directories will appear in the file
browser

MAC Information

Confirmation

Recovered file is shown in the
original directory

Filer Methodology


Filer was originally intended to be a file
browser for Netware administrators


Filer can be used to recover files that have
not been purged from the system (files are
only purged when an administrator purges them
using the “purge” option from the Filer
menu)

When Files have been Purged


Kroll Ontrack File Recovery for Netware

Must be installed on the server

NLM (Netware Loadable Module)

Only accessed by the Server Console or RconsoleJ
(Netware remote console with imanager)

Use NetFile option


Selecting a Volume

File Tree

Supported Recovery Destinations

First Response

Tools to use:



Novell Console 1



Novell Netware Client



Novell NWADMIN



Novell Imanager

Items to Record


Time


IP / IPX Configuration


Users Connected to the Server


Server Running Processes


MAC Times


Console Commands


Log Files


Time


Console


To record the time from the system console
simply execute the command “time”


Internet Protocol and IPX Configuration - Console


From the server console execute the
command “ipconfig”

Internet Protocol and IPX Configuration - Remote


Open Console 1


Right Click on Server Object


Under the General / Identification tab, the
IP and IPX addresses are listed

Users Connected to the Server - Client variant


Novell Send Message
Dialog

To access the Send Message dialog, left-click
the N icon in the Windows taskbar, expand
NetWare Utilities and click the Send Message
to Users menu option.







Users Connected to the Server - imanager variant


Launch imanager


Click the connections menu item

Server Running Processes - Console



To establish which processes or programs are running on the Netware
server, first log in to the GUI environment on the server, then open
the “remote console program”, which provides a GUI version of the
console and a more organized view of the various console functions.

To cycle through the running processes, click the Screens menu
option; this shows the running programs. To view the parameters
with which a program is running, click its entry under the Screens
command.


Server Running Processes - imanager


Launch imanager


Choose the “screens”
command from the
menu


This will display all
applications running
on the server

MAC Times


Map Volumes to local
drives



Use DOS command to
view mac times
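
An added example, not part of the original slides: one way to capture the MAC times of a mapped volume as a record that can be diffed and hashed. It assumes the volume is already mapped to a drive letter on the investigative workstation and that the manifest is written to a separate case drive; the function names and CSV layout are illustrative.

```python
import csv, hashlib, os, stat, sys
from datetime import datetime, timezone

FIELDS = ["path", "type", "size", "modified", "accessed", "ctime", "note"]

def iso(ts):
    """Render an epoch timestamp as UTC ISO 8601 so rows compare across time zones."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

def collect_mac_times(root):
    """Walk root and return one row per entry using lstat() only.

    No file is opened, so building the listing does not read file contents.
    """
    rows = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order, so two runs can be diffed
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError as exc:  # keep unreadable entries visible in the record
                rows.append([path, "?", "", "", "", "", str(exc)])
                continue
            kind = "dir" if stat.S_ISDIR(st.st_mode) else "file"
            # st_ctime is creation time on Windows, metadata-change time on Unix
            rows.append([path, kind, st.st_size, iso(st.st_mtime),
                         iso(st.st_atime), iso(st.st_ctime), ""])
    return rows

def write_manifest(rows, out_csv):
    """Write the rows as CSV and return the SHA-256 of the file for the case notes."""
    with open(out_csv, "w", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        writer.writerow(FIELDS)
        writer.writerows(rows)
    with open(out_csv, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

if __name__ == "__main__":
    # Assumed invocation: script.py <mapped drive root> <manifest on the case drive>
    root, out_csv = sys.argv[1], sys.argv[2]
    digest = write_manifest(collect_mac_times(root), out_csv)
    now = iso(datetime.now(timezone.utc).timestamp())
    print(f"collected_at={now} sha256={digest}")
```

Record the printed collection time and digest alongside the server time taken from the console, so the manifest can later be shown to be unaltered.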






Console Commands


To view recent commands that
have been executed on the
server, use the GUI console log
file. To access the file, click
Utilities and then the “console
log” item from the main menu.



The accompanying window will
show all commands executed on
the server.


Log Files


Logs are stored in the system volume
under the following path


SYS: JAVA/NWGFX



Must be logged in as admin to access this
directory



The Lab: Setup


Groups of 2 or 3


Two computers connected to a switch


One server, one investigative workstation


Static Assigned IP addresses


Server: 172.16.0.6, Workstation:
172.16.0.7 (255.255.0.0)


Computer 1 : Server


Open the VMWARE image of the server


Run the VMWARE image of the server

Computer 2: Investigative Machine

Option A

Option B

Install the following:


Netware Client


Console 1



Use the Vmware image

Accounts

Tree: CSI1

Context: Admin

Server: Theserver



Username: admin

Password: tcpip