Too funny…you folks would rather come after me for some sort of inferred slight than answer the OP's question. Try to inject a little humor, and this is what happens.
Anywho, network information is stored in the Registry, and when an IP address is assigned, it generally requires information about that interface to be updated. It's pretty easy to identify the interface…it's a long GUID, but the it can be looked up and tied to a network connection (ie, Start->Settings->Network Connections).
The Event Log may be useful, if the W32Time service is trying to reach out…you'll see the IP address that the system was using at the time right there in the message.
The version of Windows is also important, as a good deal of historical information can be obtained, in either the XP Restore Points, or in the Volume Shadow Copies. There are also additional Registry keys that would be of use, but again, it would just be one long "If…then" statement.
Anyway, all I wanted was to help folks ask better questions, that's it. I never said anything derogatory or abusive…
May I request DrDebonair give his reaction to the replies he received to his post in order that we apply some feedback & control to our forum in order that it fufils its objective?
wink
neddy
Sorry for not replying sooner, I have very busy of late!
As regards to the replies, yes they have been very useful and I'll explore those later today. The operating system in question is Windows Vista Ultimate, which is something I should have included in my original post, my bad.
I'll let you guys know how it goes.
Thanks for the replies, they are most appreciated!
Considering the market share windows has, you could fairly safely go on the assumption that it is Windows. Or, try asking?
I normally assume when someone doesn't specify an operating system that they are talking about Windows, but that only goes so far these days since we're in yet another Windows operating system transitional period.
When I first got into digital forensics it was during the transitional period from 9x to XP. As an examiner, you could be doing an examination on either for any given case that came through the door which meant not only some pretty significant differences in the operating systems, but also the file systems (FAT vs. NTFS).
We had a long period where you could reasonably assume that when someone spoke about a Windows system that it was some sort of XP variation on an NTFS file system.
Now we're back into another transitional era, where examiners can expect to do work on XP and Vista\Win7 machines for quite some time. While the file system differences won't be as stark as the 9x to XP era, there are some pretty significant differences between the two general types of operating systems.