Network Adapters
Overview
Evidence: Network Adapters
Description: Collect information about network adapters
Category: Network
Platform: windows
Short Name: netadp
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Network adapters connect the system to networks (Ethernet, WiFi, VPN, etc.). Each adapter has configuration including MAC address, IP address, DHCP settings, gateway, and DNS servers.
Adapter information reveals the system’s network connectivity and can indicate VPN usage, WiFi connections, or unusual network configurations.
Data Collected
This collector gathers structured data about network adapters.
Network Adapters Data
| Field | Description | Example |
|---|---|---|
| Name | Adapter name/GUID | {12345678-1234-1234-1234-123456789ABC} |
| Description | Adapter description | Intel(R) PRO/1000 MT Network Connection |
| PhysicalAddress | MAC address | 00:50:56:C0:00:08 |
| Index | Adapter index | 12 |
| Type | Adapter type | 71 (Ethernet 802.3) |
| DHCPEnabled | Whether DHCP is enabled | TRUE |
| IPAddress | IP address | 192.168.1.100 |
| Gateway | Default gateway | 192.168.1.1 |
| DHCPServer | DHCP server address | 192.168.1.1 |
Collection Method
This collector uses the Windows API to enumerate adapters:
- `GetAdaptersInfo` to retrieve all network adapters
- Parses adapter configuration
- Converts MAC addresses to readable format
Forensic Value
Network adapter information reveals network connectivity and configuration. Investigators use this data to identify all network interfaces, detect VPN or tunnel adapters, track MAC addresses for device identification, understand DHCP vs static configuration, identify WiFi connections, and correlate with network traffic.
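The Python sketch below is an added example, not the collector's own code. It triages parsed netadp records for several of the indicators listed above: virtualization or software-assigned MAC addresses, tunnel adapters, static addressing, and adapters with no IP. The record layout (a dict keyed by the table's field names), the keyword heuristic, and the sample records are assumptions.

```python
import re

# IANA ifType values for point-to-point and tunnel interfaces.
TUNNEL_TYPES = {23: "PPP", 131: "tunnel"}
# Well-known virtualization OUIs (first three MAC octets).
VIRTUAL_OUIS = {"00:50:56": "VMware", "00:0C:29": "VMware",
                "08:00:27": "VirtualBox", "00:15:5D": "Hyper-V"}
# Assumption: keyword heuristic for VPN/virtual adapter descriptions.
VPN_HINTS = re.compile(r"\b(tap|tun|vpn|wireguard|wintun)\b", re.I)


def normalize_mac(raw):
    """Return the MAC as upper-case colon-separated octets, or None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw or "")
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def triage(adapter):
    """Return a list of findings for one parsed adapter record."""
    findings = []
    mac = normalize_mac(adapter.get("PhysicalAddress"))
    if mac is None:
        findings.append("malformed-or-missing-mac")
    elif mac[:8] in VIRTUAL_OUIS:
        findings.append("virtual-oui:" + VIRTUAL_OUIS[mac[:8]])
    elif int(mac[:2], 16) & 0x02:  # locally administered bit: set in software
        findings.append("locally-administered-mac")
    m = re.match(r"\s*(\d+)", str(adapter.get("Type", "")))
    if m and int(m.group(1)) in TUNNEL_TYPES:
        findings.append("tunnel-type:" + TUNNEL_TYPES[int(m.group(1))])
    if VPN_HINTS.search(adapter.get("Description") or ""):
        findings.append("vpn-keyword-in-description")
    if str(adapter.get("DHCPEnabled", "")).upper() != "TRUE":
        findings.append("static-ip-config")
    if adapter.get("IPAddress") in (None, "", "0.0.0.0"):
        findings.append("no-ip-assigned")
    return findings


# Constructed sample records; the first reuses the example values from the table.
SAMPLE = [
    {"Description": "Intel(R) PRO/1000 MT Network Connection",
     "PhysicalAddress": "00:50:56:C0:00:08", "Type": "71 (Ethernet 802.3)",
     "DHCPEnabled": "TRUE", "IPAddress": "192.168.1.100"},
    {"Description": "TAP-Windows Adapter V9", "PhysicalAddress": "0A-1B-2C-3D-4E-5F",
     "Type": "131", "DHCPEnabled": "FALSE", "IPAddress": "0.0.0.0"},
]
```

Findings are triage leads, not verdicts: a static address or a hypervisor OUI is normal on many servers and should be weighed against the host's expected role.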