Evidence: Bluetooth Connections
Description: Collect Bluetooth Connections
Category: System
Platform: macos
Short Name: bluconn
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
KnowledgeC stores Bluetooth connection events with device names and MAC addresses. This data is essential for identifying connected peripherals and potential data exfiltration paths.
Data Collected
This collector gathers structured data about Bluetooth connections.
Collection Method
This collector reads KnowledgeC databases and queries the Bluetooth connection stream, recording the results into bluetooth_connections.
Forensic Value
This evidence is crucial for forensic investigations as it ties users to external devices and timestamps connections.