# Wireless Network Connections

## Overview

**Evidence:** Wireless Network Connections\
**Description:** Collect Wireless Network Connections\
**Category:** Network\
**Platform:** macos\
**Short Name:** wncon\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Known Wi‑Fi networks provide a history of SSIDs and connection metadata. This data is essential for tracking user mobility, rogue AP exposure, and lateral movement via wireless.

## Data Collected

This collector gathers structured data about wireless network connections.

## Collection Method

This collector parses `/Library/Preferences/com.apple.wifi.known-networks.plist` and records entries into `wireless_network_connections`.

## Forensic Value

This evidence is crucial for forensic investigations as it reveals trusted SSIDs, join behavior, and captive portal interactions that can indicate risk or compromise.