Bluetooth Connections
Overview
Evidence: Bluetooth Connections
Description: Collect Bluetooth Connections
Category: System
Platform: macos
Short Name: bluconn
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
KnowledgeC stores Bluetooth connection events with device names and MAC addresses. This data is essential for identifying connected peripherals and potential data exfiltration paths.
Data Collected
This collector gathers structured data about Bluetooth connections.
Collection Method
This collector reads KnowledgeC databases and queries the Bluetooth connection stream, recording the results into bluetooth_connections.
Forensic Value
This evidence is crucial for forensic investigations as it ties users to external devices and timestamps connections.