This EnScript is an update to one I did several years ago for extracting wireless network information on Windows XP systems.
This EnScript supports Windows Vista, Windows 7 & 8. When run, it will search for any SOFTWARE registry hives (Single Files are supported) and extract some useful information and display it in the console as well as make a bookmark.
Example information:
Download EnCase v6 here
Download EnCase v7 here
Vista, 7 &8's registry are also stored first/last connection time for SSID. Refer to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profile\{GUID}.
ReplyDeleteLook up {GUID} to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signature\
Unmanaged\ProfileGuid.
Prooner, thanks for the comment & good point.
ReplyDeleteI am working on adding these, I just have not incorporated the lookup yet.