DHCP Server Logs
Overview
Evidence: DHCP Server Logs
Description: Collect DHCP Server Logs
Category: Applications
Platform: windows
Short Name: dhcpl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
DHCP Server logs track IP address assignments, lease renewals, and client network activity. These logs maintain records of which devices connected to the network and when, mapping MAC addresses to IP addresses.
Data Collected
This collector gathers structured data about DHCP server logs.
Collection Method
This collector gathers DHCP log files from the Windows DHCP directory, including active and backup logs that record IP address lease information.
Forensic Value
DHCP logs help identify unauthorized devices on the network, track device movement, correlate network activity to specific machines, and establish timelines for when compromised systems were active on the network.
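Because the collected files are not parsed, the correlation described above has to be done by the analyst. The following is an added example, not part of the collector or the product: it reads the comma-separated Windows DHCP Server audit log layout, answers which MAC address held an IP at a given time, and lists MACs missing from an asset inventory. The sample lines, host names, MAC addresses and the inventory are constructed; the event ID groupings (10/11 for lease start, 12/16/17/18 for lease end) and the MM/DD/YY date format are assumptions about the log layout.

```python
import csv
from datetime import datetime

# Constructed sample in the Windows DHCP Server audit log layout; real files
# carry a longer preamble and extra trailing columns, which the parser ignores.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name
00,03/04/24,00:00:05,Started,,,,
10,03/04/24,08:15:02,Assign,10.0.5.21,WS-014.corp.example,00155D0A1B2C,
11,03/04/24,12:15:02,Renew,10.0.5.21,WS-014.corp.example,00155D0A1B2C,
12,03/04/24,17:40:11,Release,10.0.5.21,WS-014.corp.example,00155D0A1B2C,
10,03/04/24,22:03:47,Assign,10.0.5.21,unknown-host,DEADBEEF0001,
"""

LEASE_START = {"10", "11"}            # assumed: new lease, renewal
LEASE_END = {"12", "16", "17", "18"}  # assumed: released, deleted, expired

def parse_events(text):
    """Return log events as dicts, skipping preamble, header and blank rows."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue
        try:
            ts = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # damaged or truncated line
        events.append({"ts": ts, "id": row[0].strip(), "ip": row[4].strip(),
                       "host": row[5].strip(), "mac": row[6].strip().upper()})
    return sorted(events, key=lambda e: e["ts"])

def holder_at(events, ip, when):
    """Return (mac, host) holding `ip` at `when`, or None if no lease was active."""
    holder = None
    for e in events:
        if e["ts"] > when:
            break
        if e["ip"] != ip:
            continue
        if e["id"] in LEASE_START:
            holder = (e["mac"], e["host"])
        elif e["id"] in LEASE_END:
            holder = None
    return holder

def unknown_macs(events, inventory):
    """MACs that obtained a lease but are absent from the asset inventory."""
    return {e["mac"] for e in events if e["id"] in LEASE_START} - set(inventory)
```

Timestamps in these logs are server local time, so normalise them before correlating with evidence recorded in UTC.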