In a forensic examination of a suspect computer

Guest

I posted this in the Wireless Networking Group and no one replied so I am
trying here.

We are trying to parse some information about wireless stored in:
HKLM\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\{GUID}

I know that under the GUID subkey, there are binary registry values named
Static#0000, Static#0001, etc. (depending on the number of listed SSIDs) which
correspond to the respective list of SSIDs in the Preferred Networks box in
Wireless Network Connection configuration. The registry value contains the
SSID name in binary form.

Is there any information on parsing the rest of the binary data?
 
Claymore

Hello,

Download Cain and Abel here (get the right version for your OS):

http://www.oxid.it/cain.html

After installing:

To reveal SSIDs and WEP keys previously used on this computer
Click on Tools => Wireless Password Dumper

To reveal dialup/ISP passwords
Click on Tools => Dialup Password Decoder

To reveal Outlook Express account passwords
Click on the Protected Storage tab and then the blue plus sign (+) on
the toolbar above it.

To scan for available wireless access points
Click the Wireless tab, and in the window that opens, click the Start
button.
The lower the Signal value, the better the signal; e.g. -50 is better
than -90.

To see who's connected to your network
Click the Network tab and double-click on the items in the left-hand
pane.
 
Guest

Thanks for the reply. Actually I am a bit beyond C&A, I am examining the
Registry with AccessData Registry Viewer (part of the AccessData Forensic
ToolKit). I can see the SSIDs and Keys. When viewed in a Hex Viewer, there
is quite a bit of information beyond the SSID and Key. I am trying to
determine what is in that additional data.
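
An added example, not posted by anyone in the thread: one layout-agnostic way to start on the undocumented bytes, assuming the Interfaces\{GUID} key has been exported as regedit text. It collects the Static#NNNN values, lists printable runs with their offsets, and reports which offsets differ between entries; the GUID, the byte values, the `OtherValue` name and the function names are all constructed for illustration.

```python
import re

# Constructed sample: regedit-style export of the key named in the thread.
# The GUID, byte values and 24-byte record size are made up for illustration;
# real Static#NNNN values are larger and no field layout is assumed here.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}]
"Static#0000"=hex:18,00,00,00,01,00,00,00,07,00,00,00,48,6f,6d,65,4e,65,74,\
  00,00,00,00,00
"Static#0001"=hex:18,00,00,00,01,00,00,00,04,00,00,00,43,61,66,65,00,00,00,\
  00,00,00,00,00
"OtherValue"=hex:01,02
'''

def static_values(reg_text):
    """Return {name: bytes} for every Static#NNNN value in a .reg export."""
    joined = re.sub(r'\\\r?\n\s*', '', reg_text)  # undo "\" line continuations
    pattern = r'^"(Static#\d{4})"=hex:([0-9a-fA-F,]*)'
    return {name: bytes.fromhex(data.replace(',', ''))
            for name, data in re.findall(pattern, joined, re.M)}

def printable_runs(blob, min_len=4):
    """Return [(offset, text)] for runs of printable ASCII in the value."""
    return [(m.start(), m.group().decode('ascii'))
            for m in re.finditer(rb'[\x20-\x7e]{%d,}' % min_len, blob)]

def varying_offsets(blobs):
    """Offsets whose byte differs between records. Constant offsets are
    candidates for headers or padding, varying ones for per-network fields."""
    length = min(len(b) for b in blobs)
    return [i for i in range(length) if len({b[i] for b in blobs}) > 1]

if __name__ == "__main__":
    values = static_values(SAMPLE_REG)
    for name, blob in sorted(values.items()):
        print(name, len(blob), "bytes", printable_runs(blob))
    print("offsets that differ:", varying_offsets(list(values.values())))
```

A real export written by regedit in the "Version 5.00" format is UTF-16 text, so decode the file before passing it to `static_values`.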
 
