Windows Forensics Net File Lab

FacebookTwitterGoogle+LinkedInEmail
Description
Net File is a command line utility that demonstrates for you whether or not files are open or closed on the network share drive. The Net File lab shows what you can do remotely to confirm sever-side if files are open, and how to use the utility to closing an open file on the network. [toggle_content title="Transcript"] Hi, Leo Dregier here. I want to talk to you about a command, net file. Net file is a command in which you can view remote systems to see if files are open and closed on that system or if they’re being accessed remotely, and, uh, disconnect users from that. So, the first thing I’m going to do is do a net file. And if I do that, you can see, you know, system error, okay, access denied. Well, that’s simply because, uh, I’m not running as an administrator, but if you opened it up as administrator, you’ll see net file. Yeah, immediately it opens up. So you can see here, net file was the command. The ID is 9. I have a file – a folder here that I’ve shared out, uh, on the C drive, which I’ll pull up right quick. Uh, you can see the share directory here, and the username, Owner, and if there’s a lock on that, uh, or not. Uh, and that’s simply because I basically have this open and access through Network Neighborhood here in another window. So if I run that again, uh, you can see that there’s no entries on the list. Uh, sometimes it’s helpful to kind of go through these a couple different times. Uh, so I’ll show this to you and get it to, to display again. So, let’s do \\CEH-Windows7. Here you can see the share. I have a text document. I have a text document open that I can put some stuff in. Uh, open command prompt. Oops, too fast, CMD, open a command prompt, right click, run as administrator, net file; there you go. You get to have input in it. So, let’s close it. Let’s do 99, uh, close. Okay, and the command completed successfully. Let’s do 100 close. The command completed successfully. And then, 82 close, 82 close, command completed successfully. Do a net file again; there are no entries in the list. So, I’m basically proving that I can disconnect people remotely, um, from that share, at least from the server side. Ah, so be sure to add your comments to the chat dialogue boxes, the messages, and reach out and share thoughts. My name’s Leo Dregier, and I’ll see you in the next video. And I’m sure you’ve connected by now on Facebook, Linkedin, YouTube, and Twitter. [/toggle_content]
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel