Windows Workstation & Router Forensics

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Bunnysniper 4 years ago

2 Posts

2 Users

0 Reactions

2,003 Views

RSS

dewyjns

(@dewyjns)

New Member

Joined: 4 years ago

Posts: 2

Topic starter 07/09/2021 8:11 pm

I am bit of a intermediate into forensics. Wondering where exactly to look at in a windows workstation to see which modem/router (model name) it been connecting to. I am basically looking at where to find the info; event logs and/or tools like ftk/axiom.

Quote

Bunnysniper

(@bunnysniper)

Reputable Member

Joined: 13 years ago

Posts: 259

08/09/2021 12:54 pm

Check the log "Microsoft-Windows-WLAN-AutoConfig/Operational.evtx" in
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx for Wifi connections.

Wired connections are in
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
and have the event 10000 as ID

regards, Robin

PS: WiGLE: Wireless Network Mapping once you have the Wifi hotspot names 😉

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
291 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed