Windows Workstation...
 
Notifications
Clear all

Windows Workstation & Router Forensics

2 Posts
2 Users
0 Likes
1,449 Views
(@dewyjns)
Posts: 2
New Member
Topic starter
 

I am bit of a intermediate into forensics. Wondering where exactly to look at in a windows workstation to see which modem/router (model name) it been connecting to. I am basically looking at where to find the info; event logs and/or tools like ftk/axiom.

 

 

 
Posted : 07/09/2021 7:11 pm
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

Check the log "Microsoft-Windows-WLAN-AutoConfig/Operational.evtx" in 
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx for Wifi connections.

Wired connections are in 
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
and have the event 10000 as ID

regards, Robin

PS: WiGLE: Wireless Network Mapping once you have the Wifi hotspot names 😉

 
Posted : 08/09/2021 11:54 am
Share: