WLAN Event Log
Description: Determine what wireless networks the system associated with and identify network characteristics to find location.
Location:
- C:\Windows\System32\winevt\logs\Microsoft-Windows-WLAN-AutoConfig Operational.evtx
- 11000 - Wireless network association started
- 8001 - Successful connection to wireless network
- 8002 - Failed connection to wireless network
- 8003 - Disconnect from wireless network
- 6100 - Network diagnostics (System Log)
Notes:
- Shows historical record of wireless network connections
- Contains SSID and BSSID (MAC address), which can be used to geolocate wireless access point.
Analysis:
Coming Soon!