Wireless History
Overview
Evidence: Wireless History
Description: Collect Wireless History
Category: Network
Platform: Windows
Short Name: wireless
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Windows wireless network history provides information about connected wireless networks, including SSIDs, connection times, and security settings. This data is essential for understanding network connectivity and detecting unauthorized network access.
Data Collected
This collector gathers structured data about wireless history.
Wireless History Data
| Field | Description | Example |
|---|---|---|
| ID | Primary key (auto-increment) | 1 |
| ProfileName | WiFi profile name | HomeNetwork |
| SSID | Network SSID | HomeNetwork |
| SecurityType | Security type | WPA2-Personal |
| Authentication | Authentication method | WPA2PSK |
| Encryption | Encryption type | CCMP |
| KeyMaterial | Key material | encrypted_key_data |
| CreatedTime | Profile creation time | 2023-10-15 14:30:25 |
| LastConnected | Last connection time | 2023-10-15 14:30:25 |
| ConnectionCount | Connection count | 150 |
Collection Method
This collector parses the necessary data from the wireless_history table.
This collector collects files from the following locations:
C:\ProgramData\Microsoft\Wlansvc\Profiles\
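The profiles stored under this directory are XML documents in Microsoft's WLANProfile schema. The following Python code is an added example, not the collector's own code: it parses one profile into fields named after the table above and flags weak settings for triage. The mapping to those field names, the extra ConnectionMode and KeyProtected keys, and the two sample profiles are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample profiles (not taken from any real system).
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionMode>{mode}</connectionMode>
  <MSM><security>
    <authEncryption><authentication>{auth}</authentication><encryption>{enc}</encryption></authEncryption>
    {key}
  </security></MSM>
</WLANProfile>"""
SHARED_KEY = ("<sharedKey><keyType>passPhrase</keyType><protected>true</protected>"
              "<keyMaterial>PLACEHOLDER</keyMaterial></sharedKey>")
SAMPLE_WPA2 = TEMPLATE.format(ssid="HomeNetwork", mode="auto", auth="WPA2PSK", enc="AES", key=SHARED_KEY)
SAMPLE_OPEN = TEMPLATE.format(ssid="CafeGuest", mode="auto", auth="open", enc="none", key="")

def parse_profile(xml_text):
    """Extract triage fields; keyMaterial is deliberately not copied out."""
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    sec = "w:MSM/w:security/"
    return {
        "ProfileName": text("w:name"),
        "SSID": text("w:SSIDConfig/w:SSID/w:name"),
        "Authentication": text(sec + "w:authEncryption/w:authentication"),
        "Encryption": text(sec + "w:authEncryption/w:encryption"),  # none/WEP/TKIP/AES
        "ConnectionMode": text("w:connectionMode"),                 # auto or manual
        "KeyProtected": text(sec + "w:sharedKey/w:protected"),
    }

def triage(profile):
    """Return findings an analyst would want to review for this profile."""
    findings = []
    auth = (profile["Authentication"] or "").lower()
    enc = (profile["Encryption"] or "").lower()
    if auth == "open" and enc == "none":
        findings.append("open network, no link-layer encryption")
    if enc in ("wep", "tkip"):
        findings.append("deprecated cipher: " + enc.upper())
    if findings and profile["ConnectionMode"] == "auto":
        findings.append("auto-connect enabled on weak profile")
    if profile["KeyProtected"] == "false":
        findings.append("key material stored unprotected")
    return findings
```
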
Usage
This evidence is crucial for forensic investigations as it provides wireless network connectivity information. It helps investigators understand network access, detect unauthorized connections, and investigate network-based attacks. The data can reveal connected networks, access patterns, and potential security vulnerabilities. Analysts can use this information to identify network compromises, trace connectivity, and assess network security posture.
Notes
This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.