System logs


ebmetric
Member
 

System logs

Posted: Mar 09, 19 18:05

Hi there,

This is the first time I have encountered a case where I need to find information on a PC (Windows 10) about a network drive that was connected, which is why I have a few questions for more experienced forum members:
1) Is there on Windows 10 some kind of system log (evtx) or any information regarding accessing a shared network drive?
2) Where could I search for configuration information about the network drive?
3) What else can I find out about the network drive?

At this point I have checked out application.evtx, system.evtx and "../drivers/etc/hosts".

I have a dd image and lots of time to learn something new. :)

Thank you in advance for your time.
 
  

jaclaz
Senior Member
 

Re: System logs

Posted: Mar 10, 19 16:17

- ebmetric

At this point I have checked out application.evtx, system.evtx "../drivers/etc/hosts".

I would check the Registry.
Knowing how the good MS guys like to reuse code, it is likely that everything (or almost anything) valid in XP and in 7 is still valid in 10.
Like:
social.technet.microso...7itprovirt
superuser.com/question...rive-paths
superuser.com/question...e-mappings
www.bloggingforlogging...-going-on/

Also (though not necessarily a password has been saved locally):
www.nirsoft.net/utils/...overy.html

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

keydet89
Senior Member
 

Re: System logs

Posted: Mar 19, 19 10:39

- ebmetric

....about network drive that was connected...

1) Is there on Windows10 some kind of system logs(evtx) or any information regarding accessing shared network drive?
2) Where could I search configuration information about network drive?
3) What else I can find out about network drive?


Are you referring to a network drive available on the system, or a network drive to which a user on the system connected?

If the network drive is on the system, that's in the Registry. Since you have the image of the system, run the RegRipper 'shares.pl' plugin against the System hive.

If you're looking for information on shares to which a user on the system connected, I'd start by looking to the shellbags artifacts.

HTH  
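
The Registry check suggested in the replies above, as an added example that is not part of any post in the thread: it pulls a user's network drive traces out of a text (.reg) export of NTUSER.DAT, assuming the mappings sit under Network\<letter> (value RemotePath) and under Explorer's MountPoints2\##server#share subkeys. The hive mount name CASE01 and all host, share and account names are constructed sample data.

```python
import re

# Constructed sample: .reg-format text export of a user's NTUSER.DAT that was
# loaded as HKEY_USERS\CASE01. Host, share and account names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\CASE01\Network\Z]
"RemotePath"="\\\\fileserver01\\projects"
"UserName"="CORP\\jdoe"

[HKEY_USERS\CASE01\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##fileserver01#projects]

[HKEY_USERS\CASE01\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##10.0.0.5#scans]

[HKEY_USERS\CASE01\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d1c4b9e-0000-0000-0000-000000000000}]
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: data}} for the string (REG_SZ) values."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        key, val = KEY_RE.match(line), VAL_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            current[unescape(val.group(1))] = unescape(val.group(2))
    return keys

def network_drive_traces(text):
    """Return (persistent mappings, UNC paths seen by Explorer)."""
    mapped, mounted = [], []
    for path, values in parse_reg(text).items():
        parts = path.split('\\')
        parent, leaf = parts[-2].lower() if len(parts) > 1 else '', parts[-1]
        if parent == 'network' and len(leaf) == 1 and leaf.isalpha():
            # Network\<letter>: drive mapped with "reconnect at sign-in"
            mapped.append((leaf.upper() + ':', values.get('RemotePath'), values.get('UserName')))
        elif parent == 'mountpoints2' and leaf.startswith('##'):
            # Explorer stores \\server\share as ##server#share
            mounted.append(leaf.replace('#', '\\'))
    return mapped, mounted
```

A real reg.exe or regedit export is UTF-16 text, so read the file with encoding='utf-16' before passing its contents to network_drive_traces().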
 
