Hi Guys,
What is the quickest way to locate the mac address in registry?
The best way that I know: mount the image with VFC 2 and look up the MAC address.
Hi Guys,
What is the quickest way to locate the mac address in registry?
Googling "registry mac address", the first entry states where it is
Jonathan, in Windows 7 there is no network address section, and the EnCase link to MAC script didn't work in Windows 7 either. I am working on it.
Windows doesn't store the NIC MAC address in the Registry by default. If you fire up an acquired image in a VM, you'll get the MAC address of the VM interface.
The link to changing the MAC address does just that…changes it.
However, pp. 186-187 of "Windows Forensic Analysis 2/e" covers other places within the Registry that you *might* find the MAC address.
Depending upon the version of Windows you're referring to, you may find the MAC address in Windows shortcuts, or (on Windows 7) within the TrackerData block in the LNK streams within automaticDestinations Jump Lists.
HTH.
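The TrackerData lookup mentioned in the post above, as an added example that is not part of the original thread or any poster's code: it scans raw LNK bytes for the TrackerDataBlock header defined in MS-SHLLINK and decodes the Droid object ID, whose version 1 UUID node field is where a MAC address would appear. The function names and the sample block (machine name, GUIDs, MAC) are constructed for illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# BlockSize, BlockSignature, Length, Version as laid out in MS-SHLLINK
TRACKER_HEADER = struct.pack("<IIII", 0x60, 0xA0000003, 0x58, 0)
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)  # version 1 UUID time base


def parse_tracker_blocks(data: bytes) -> list:
    """Find every TrackerDataBlock in raw LNK bytes and decode its object ID."""
    found = []
    pos = data.find(TRACKER_HEADER)
    while pos != -1:
        block = data[pos:pos + 0x60]
        if len(block) == 0x60:  # skip a block truncated by the end of the data
            # 16-byte header, MachineID[16], Droid = volume GUID + object GUID, DroidBirth likewise
            machine = block[16:32].split(b"\x00", 1)[0].decode("ascii", "replace")
            object_id = uuid.UUID(bytes_le=block[48:64])
            entry = {"offset": pos, "machine_id": machine, "object_id": str(object_id),
                     "mac": None, "locally_generated": None, "created": None}
            if object_id.version == 1:  # only time-based UUIDs carry a node field
                node = object_id.node
                entry["mac"] = ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -8, -8))
                # Multicast bit set means the node was random, not read from a NIC
                entry["locally_generated"] = bool((node >> 40) & 0x01)
                entry["created"] = UUID_EPOCH + timedelta(microseconds=object_id.time // 10)
            found.append(entry)
        pos = data.find(TRACKER_HEADER, pos + 1)
    return found


def build_sample_block() -> bytes:
    """Constructed TrackerDataBlock (not from a real case) so the parser runs offline."""
    delta = datetime(2011, 1, 1, tzinfo=timezone.utc) - UUID_EPOCH
    ts = (delta.days * 86400 + delta.seconds) * 10**7  # 100 ns ticks
    obj = uuid.UUID(fields=(ts & 0xFFFFFFFF, (ts >> 32) & 0xFFFF, (ts >> 48) | 0x1000,
                            0x80, 0x01, 0x001122334455))
    vol = uuid.UUID("11111111-2222-4333-8444-555555555555")
    droid = vol.bytes_le + obj.bytes_le
    return TRACKER_HEADER + b"ws-example".ljust(16, b"\x00") + droid + droid


if __name__ == "__main__":
    for hit in parse_tracker_blocks(b"\x00" * 76 + build_sample_block()):
        print(hit)
```

A signature scan like this is meant for a standalone .lnk file or an already extracted Jump List stream; it does not walk the compound-file structure of an automaticDestinations file, where a small stream may not be stored contiguously.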
Here you can learn EnScript to obtain the MAC address of a non-running machine (http//
versions that support Windows 2000/XP/Vista
Asparajin,
what would you be querying with the EnScript?
Or from the command line type ipconfig/all?
If it is forensic, (the OP doesn't say) clone the drive, put it back in the original computer, remove any log on password, then from the command line type ipconfig/all
Asparajin,
what would you be querying with the EnScript?
EnCase EnScript (LNK file querying)
Windows 7 not working (
Or from the command line type ipconfig/all?
If it is forensic, (the OP doesn't say) clone the drive, put it back in the original computer, remove any log on password, then from the command line type ipconfig/all
I haven't tested this, but theoretically you could also take out the network card, and use another (forensically controlled) system to read the MAC address. As an aside, on many systems it's possible to spoof the MAC addresses (software- or hardware-based), something to consider in scenarios with skilled IT personnel.
Roland