Windows Workstation...
 
Notifications
Clear all

Windows Workstation & Router Forensics

dewyjns
(@dewyjns)
New Member

I am bit of a intermediate into forensics. Wondering where exactly to look at in a windows workstation to see which modem/router (model name) it been connecting to. I am basically looking at where to find the info; event logs and/or tools like ftk/axiom.

 

 

Quote
Topic starter Posted : 07/09/2021 8:11 pm
Bunnysniper
(@bunnysniper)
Active Member

Check the log "Microsoft-Windows-WLAN-AutoConfig/Operational.evtx" in 
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx for Wifi connections.

Wired connections are in 
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
and have the event 10000 as ID

regards, Robin

PS: WiGLE: Wireless Network Mapping once you have the Wifi hotspot names 😉

ReplyQuote
Posted : 08/09/2021 12:54 pm
Share: