DHCP Settings
Overview
Section titled “Overview”Evidence: DHCP Settings
Description: Collect DHCP (Dynamic Host Configuration Protocol) Settings
Category: Network
Platform: macos
Short Name: dhcpset
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”DHCP client leases record IP configuration and router details per interface. This data is essential for reconstructing network assignments and connectivity history.
Data Collected
Section titled “Data Collected”This collector gathers structured data about dhcp settings.
Collection Method
Section titled “Collection Method”This collector parses plist leases under /private/var/db/dhcpclient/leases and records them into dhcp_settings.
Forensic Value
Section titled “Forensic Value”This evidence is crucial for forensic investigations as it links devices to networks and IP addresses over time.