Wi-Fi Network Configuration (WifiConfigStore.xml)

androidNetwork TrafficDevice Extraction

Location

/data/misc/apexdata/com.android.wifi/WifiConfigStore.xml or /data/misc/wifi/WifiConfigStore.xml

Description

XML file containing all saved Wi-Fi network configurations on the device. Each network entry includes the SSID, BSSID (if pinned), security type (WPA2, WPA3, OWE, Open), pre-shared key (in plaintext on older Android versions), priority, hidden network flag, static IP configuration, proxy settings, MAC randomization preference, and creation/update timestamps.

Forensic Value

Saved Wi-Fi configurations establish the locations where the device has previously connected to wireless networks. SSIDs of home, workplace, hotel, and public networks reveal the device travel history and frequented locations. Pre-shared keys stored in plaintext (Android versions prior to 12) can be used to access the same networks for further investigation. The BSSID field, when present, uniquely identifies specific access points. Hidden network SSIDs that were manually configured reveal networks the user deliberately sought to join. MAC randomization settings indicate whether the device used a consistent or random MAC address per network, affecting network log correlation.

Tools Required

ALEAPPMagnet AXIOMCellebrite UFEDOxygen Forensic DetectiveADB

Acquisition Methods

Chip-Off Physical Extraction

android — physical

JTAG Physical Extraction

android — physical

ISP (In-System Programming) Extraction

android — physical

ADB Logical Extraction

android — logical

Root Filesystem Extraction

android — logical