Lotus Notes collections

Anybody have experience collecting emails from Lotus Notes? Looking to see if there is a way to create an archive without altering the current status of the Inbox from an endpoint and not the server.

We have done both on-site and remote Lotus Notes/Domino collections by grabbing the NSFs from the endpoints as well as from the server (including logs). The endpoints are relatively straightforward if you can acquire full forensic images or targeted images while the Notes client is not running.

The Domino server can get a bit trickier as the server usually has to remain operational during the acquisition. In my experience, if you grab the data while the server is running, there is a good chance some of the NSF files might be in an inconsistent state.

If you must use the built-in archive functionality in Notes to narrow things down, I would do that after the full NSF acquisition, on a duplicate copy of the mailbox in a disconnected state rather than on the live copy.

You probably have plenty of experience with Notes. I will share some more info just in case anyone else comes across this post looking for more details in the future.

A couple of gotchas:

  • Conversions to/from Notes are tricky. I strongly recommend setting your workflow up in a way that you can work with tools that support Notes natively end to end rather than by converting to other formats such as PST.
  • Security in Domino/Notes is granular—up to the field level within a record if I remember correctly. So, prepare to run into encrypted NSF files as well as messages/fields.

On the production side, Domino XML Language (DXL) files are something worth looking into, although industry support for them is nearly non-existent. If you choose to go with a static production format such as PDF, another gotcha is collapsed sections. You would likely want to make sure your processing solution expands all collapsed sections automatically.

Good luck and keep some Notes Java API or LotusScript references handy!

Thanks for the tips.

Unfortunately we won't have access to the server at all. Hoping there is a local NSF storage file on the computer. Using the Notes archive function, it appears to also delete/compact the emails that have been archived, which is not ideal either.

Yes, there should be local NSF files if the Notes client was being used. I believe the default location used to be %ProgramFiles%\IBM\Notes\Data before the HCL acquisition.

In my experience, the built-in archive function is designed for cleanup rather than to facilitate a forensic export.

I ran into the below post on extracting data from Lotus Notes on Reddit last night. The blog has a GitHub project associated with it. I haven’t had the opportunity to play with it yet, but I’m posting it here in case anyone interested in Notes acquisitions and analysis finds it useful.

https://www.outerthoughts.com/2011/01/bulk-processing-lotus-notes-database/

Just an update, there is a Create Replica option if there is no offline copy already. It does take a while as it is replicating the whole Lotus Notes account.

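Added example, not code from any poster in this thread: one way to copy local NSF files off an endpoint without writing to the originals, hashing each source before and after the copy so a file that changed mid-acquisition (the inconsistent-state concern raised above) is flagged rather than silently accepted. The names `acquire_nsf`, `sha256_file` and `copy_fn` are hypothetical, and the sample mailbox is constructed bytes, not a real NSF.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file opened read-only, in chunks, so large mailboxes are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_nsf(src_dir, dest_dir, copy_fn=shutil.copy2):
    """Copy every *.nsf under src_dir to dest_dir and return a manifest.

    Each source is hashed before and after the copy; a mismatch means the
    file was written to mid-acquisition (e.g. Notes was still running).
    """
    src_dir, dest_dir = Path(src_dir), Path(dest_dir)
    sources = sorted(p for p in src_dir.rglob("*")
                     if p.is_file() and p.suffix.lower() == ".nsf")
    manifest = []
    for src in sources:
        dest = dest_dir / src.relative_to(src_dir)
        dest.parent.mkdir(parents=True, exist_ok=True)
        before = sha256_file(src)
        copy_fn(src, dest)  # copy2 carries the original timestamps to the copy
        copied, after = sha256_file(dest), sha256_file(src)
        stable = before == copied == after
        manifest.append({
            "file": str(src.relative_to(src_dir)),
            "size": dest.stat().st_size,
            "sha256_source": before,
            "sha256_copy": copied,
            "status": "verified" if stable else "changed-during-copy",
        })
    return manifest


if __name__ == "__main__":
    # Constructed sample data: a stand-in mailbox, not a real NSF.
    with tempfile.TemporaryDirectory() as tmp:
        data, evidence = Path(tmp, "Data"), Path(tmp, "evidence")
        data.mkdir()
        (data / "mail.nsf").write_bytes(b"constructed sample bytes")
        print(json.dumps(acquire_nsf(data, evidence), indent=2))
```

Any file reported as `changed-during-copy` should be re-acquired with the Notes client closed; archiving or filtering then happens on the verified copy only.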