Computer Forensics, Malware Analysis & Digital Investigations: EnCase EnScript to parse wireless network information for Vista, 7 & 8

Thursday, March 13, 2014

EnCase EnScript to parse wireless network information for Vista, 7 & 8

This EnScript is an update to one I did several years ago for extracting wireless network information on Windows XP systems.

This EnScript supports Windows Vista, Windows 7 & 8. When run, it will search for any SOFTWARE registry hives (Single Files are supported) and extract some useful information and display it in the console as well as make a bookmark.

Example information:

Download EnCase v6 here
Download EnCase v7 here

2 comments:

proneer Sunday, 16 March, 2014: Vista, 7 &8's registry are also stored first/last connection time for SSID. Refer to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profile\{GUID}.
Look up {GUID} to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signature\
Unmanaged\ProfileGuid.
Lance Mueller Sunday, 16 March, 2014: Prooner, thanks for the comment & good point.

I am working on adding these, I just have not incorporated the lookup yet.

EnScript v6 Tutorial IV

Thursday, March 13, 2014

EnCase EnScript to parse wireless network information for Vista, 7 & 8

2 comments:

Post a Comment

Search This Blog

Blog Archive

Label Cloud

Contact

Subscribe via email

Computer Forensics, Malware Analysis & Digital Investigations

Random Articles