Bluetooth Connections

Overview

Evidence: Bluetooth Connections Description: Collect Bluetooth Connections Category: System Platform: macos Short Name: bluconn Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

KnowledgeC stores Bluetooth connection events with device names and MAC addresses. This data is essential for identifying connected peripherals and potential data exfiltration paths.

Data Collected

This collector gathers structured data about bluetooth connections.

Collection Method

This collector reads KnowledgeC databases and queries the bluetooth connection stream, recording into bluetooth_connections.

Forensic Value

This evidence is crucial for forensic investigations as it ties users to external devices and timestamps connections.

PreviousBlock Devices NextBrave Bookmarks

Last updated 3 days ago

Was this helpful?