    How can I interpret this image: was the WebEx application perhaps run from another PC (IP, a strange thing)... Or, because there was a videoconference that day, did WebEx pass the connection through that IP? I attach the image; please explain to me what happened.

    Image 1: where the WebEx videoconference file is located
    Image 2: location of WebEx in REGEDIT

    It looks like the Cisco WebEx .exe was run a few times on 30/Jan/2017.
    I don't think it is possible to know from the information supplied which IP addresses were used.


      Hi William,
      if you have access to the WebEx Admin Panel, take a look there.
      If you have used a default config for WebEx, the whole session information is stored there;
      you can find IPs and time ranges in the Admin Panel of the WebEx sessions.

      On your pictures you can see the dates: the last write in the registry was 17.02.2017, and your
      WebEx session was on 30.01.2017. The first one was maybe broken and restarted, so you see
      two times close to each other in the last activity.

      You can't use the registry entries for finding the IP. Better go to the DHCP server
      from which the computer that runs WebEx gets its IP address; there you will find the real
      IP address. You must search for the MAC address of the Ethernet card.
      A normal IP release time is 8 days. If it is a Windows domain you can search in the DHCP Server Management
      interface (MMC) or in the event logs of the server. For the time range, search 8 days before and 8 days after
      30.01.2017. If you do not have access to the DHCP server, ask the admin for a dump and logfile and use that for
      searching. Your search string must look like this (not the same): 00:80:41:ae:fd:7e

      You will get the information in the registry here:
      I have the registry from another machine and I need to extract the MAC address from the Ethernet adapter

      the adapter settings are in HKEY_LOCAL_MACHINE\old_registry\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009

      and there is a parameter:

      BIMacAdddress_l (REG_DWORD) = f315d433 and it is hexadecimal, decimal is 4078294067

      when I choose "Edit binary data" in the submenu I see something like this:

      0000 33 D4 15 F3 (and here are two weird symbols)

      This string is your MAC address (0000 33 D4 15 F3)
      For searching it must look like this: 00:00:33:d4:15:F3 (this is a sample, yours will look different!)

      In some situations there is more than one adapter. Some may be called legacy adapters; these you can ignore, they are from
      hardware changes made without removing the driver first.
      Normally you will find one. If there are two, the second one is often a WiFi adapter (then your machine was most likely a laptop).

      If you get access to the DHCP server or to dumps with logfiles, you can find the IP address that was assigned to that computer at that time.

      But be warned: if the user has used VPN software you must search for other information; many VPN tools don't use the registry for storing
      session information.

      All of that will only work if the PC uses DHCP and you get access to the server or to dumps/logfiles.
      If that PC uses DHCP on a home network you need access to the router, but not every router stores
      the release information. If it does, you will find it in the router logfiles; the search is the same (MAC address).


      Last edited by lauzona; 03-09-2017, 11:34 PM.
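
The DHCP search described in the reply above, as an added example that is not part of the original posts: it filters a DHCP log export for one MAC address within 8 days either side of the session date. It assumes the export uses the Windows DHCP Server audit log layout (ID,Date,Time,Description,IP Address,Host Name,MAC Address, with MM/DD/YY dates); the sample rows, host names and IP addresses are constructed.

```python
import csv
from datetime import datetime, timedelta

# Constructed sample rows, assumed to follow the Windows DHCP Server
# audit log layout. Event ID 10 = new lease, 11 = lease renewed.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,01/23/17,08:01:12,Assign,192.168.10.57,PC-ALPHA,008041AEFD7E
11,01/30/17,09:14:03,Renew,192.168.10.57,PC-ALPHA,008041AEFD7E
10,01/30/17,09:20:41,Assign,192.168.10.99,PC-BETA,008041AEFD00
11,02/20/17,10:00:00,Renew,192.168.10.61,PC-ALPHA,008041AEFD7E
"""

def normalize_mac(mac):
    """Reduce 00:80:41:ae:fd:7e, 00-80-41-AE-FD-7E or 008041AEFD7E to one form."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def leases_for_mac(log_text, mac, session_date, window_days=8):
    """Return (timestamp, event, ip, host) for the MAC around session_date (DD.MM.YYYY)."""
    target = normalize_mac(mac)
    centre = datetime.strptime(session_date, "%d.%m.%Y")
    start = centre - timedelta(days=window_days)
    end = centre + timedelta(days=window_days + 1)  # include the whole last day
    hits = []
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue  # header text or blank line
        try:
            when = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
            row_mac = normalize_mac(row[6])
        except ValueError:
            continue  # service start/stop events carry no MAC address
        if row_mac == target and start <= when < end:
            hits.append((when, row[3], row[4], row[5]))
    return hits

if __name__ == "__main__":
    for when, event, ip, host in leases_for_mac(SAMPLE_LOG, "00:80:41:ae:fd:7e", "30.01.2017"):
        print(when.isoformat(sep=" "), event, ip, host)
```
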