Is there any way to check the network information of the evidence image in autopsy?

  • autopsy 4.20.0
  • image : windows 10

I imaged a volume with Windows 10 installed and am analyzing it in Autopsy.

I'm trying to find network information such as network card info (manufacturer, model name, MAC address) and the DHCP IP address,

but no matter how hard I try to find it, I can't find anything like this.
Does Autopsy not support this function?
If I can't check it in Autopsy, is there any other program to check it out?

The information you are looking for can be found in the registry. Autopsy uses RegRipper to parse the registry. Not all the information from RegRipper is brought into Autopsy. You can either go to the reports section and look for the RegRipper report for the System and Software hives, or go to the following directory /ModuleOutput/RecentActivity/reg_X and open the file(s) SOFTWARE-regripper--full.txt or SYSTEM-regripper--full.txt. You should be able to find the information there if it exists.

1 Like
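An added example, not part of the original posts and not Autopsy or RegRipper code: a Python sketch that pulls the NIC description (the NetworkCards key in the SOFTWARE hive) and the DHCP lease values (Tcpip\Parameters\Interfaces in the SYSTEM hive) out of the two report texts and joins them on the interface GUID. The function name, the report layout (one blank-line-separated block per adapter) and the sample values are assumptions constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Values of interest: Description lives under SOFTWARE ...\NetworkCards\<n>,
# the Dhcp* values under SYSTEM ...\Tcpip\Parameters\Interfaces\{GUID}.
WANTED = ("Description", "DhcpIPAddress", "DhcpServer", "DhcpSubnetMask",
          "DhcpDefaultGateway", "DhcpNameServer", "DhcpDomain")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Tolerates "Name = value", "Name: value", "Name -> value" and "Name  value".
FIELD = re.compile(r"^\s*(%s)\s*(?:=|:|->)?\s+(\S.*?)\s*$" % "|".join(WANTED))

def extract_network_info(*reports):
    """Merge NIC description and DHCP values per interface GUID.

    Assumes each adapter/interface is one blank-line-separated block that
    mentions its GUID (the NetworkCards ServiceName or the interface key name).
    """
    nics = defaultdict(dict)
    for text in reports:
        for block in re.split(r"\n\s*\n", text):
            guid = GUID.search(block)
            if guid is None:
                continue  # header or unrelated plugin output
            for line in block.splitlines():
                field = FIELD.match(line)
                if field:
                    # GUID case differs between the two hives, so normalise it.
                    nics[guid.group(0).upper()][field.group(1)] = field.group(2)
    return dict(nics)

# Constructed sample text, not real RegRipper output.
SOFTWARE_SAMPLE = """Microsoft\\Windows NT\\CurrentVersion\\NetworkCards

Description = Example Gigabit Ethernet Adapter
ServiceName = {1A2B3C4D-1111-2222-3333-444455556666}
"""
SYSTEM_SAMPLE = """ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces

Interface {1a2b3c4d-1111-2222-3333-444455556666}
  DhcpIPAddress = 192.0.2.25
  DhcpServer = 192.0.2.1

Interface {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
  DhcpIPAddress = 0.0.0.0
"""

if __name__ == "__main__":
    texts = [open(p, errors="replace").read() for p in sys.argv[1:]]
    for guid, values in extract_network_info(*(texts or [SOFTWARE_SAMPLE, SYSTEM_SAMPLE])).items():
        print(guid, values)
```

Run it with the paths of the two report files as arguments; with no arguments it processes the constructed samples.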

Thank you!!!