IP address retrieval

RegRipper has plugins that extract this information, and much, much more.

regripper.wordpress.com

HTH

Thanks

I have been using MiTeC Windows Registry recovery and it was giving me the same results.

How reliable do you think it is? the machine was powered down and has not been powered up since?

Hi,

Just a quick question is this a laptop used on a corporate network or a home use laptop?

If it is a home laptop then the IP address it was assigned is quite likely to be from the home router and will be an 'internal address'. If you had the router you could find out the range of numbers it would use and possibly a log of addresses that have been used along with the corresponding device's MAC address.

If it was on a corporate network then in addition to the suggested apporaches can the company provide any logs for you?

Steve

How reliable do you think it is? the machine was powered down and has not been powered up since?

Looks like you sort of answered your own question…if the machine was powered down and not powered up since, what would or could have changed the information?

You will find the information in the registry. I believe the information on the exact key is in Windows Forensic Analysis, but this page has all the relevant information

http//www.windowsreference.com/networking/dhcp-static-ip-settings-in-windows-registry/

You'll need to establish the current control set, which I don't recall how to do right now. Hopefully, you have a copy of Windows Forensic Analysis handy and can look it up.

You'll need to establish the current control set, which I don't recall how to do right now.

Open the System hive in a viewer…TZWorks Yaru is good. Navigate to the Select key and locate the Current value…the data gives you the number of what the system sees as the CurrentControlSet. Simply take that number, and go to the appropriately numbered ControlSet.

RegRipper does this automatically (determines the CurrentControlSet) in any plugin that accesses the System hive.

Great help.

Thanks all