Wireless Network Connections

Overview

Evidence: Wireless Network Connections Description: Collect Wireless Network Connections Category: Network Platform: macos Short Name: wncon Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Known Wi‑Fi networks provide a history of SSIDs and connection metadata. This data is essential for tracking user mobility, rogue AP exposure, and lateral movement via wireless.

Data Collected

This collector gathers structured data about wireless network connections.

Collection Method

This collector parses /Library/Preferences/com.apple.wifi.known-networks.plist and records entries into wireless_network_connections.

Forensic Value

This evidence is crucial for forensic investigations as it reveals trusted SSIDs, join behavior, and captive portal interactions that can indicate risk or compromise.