Author Name | |
Matt Nelson | |
Submission Title | |
Bluetooth Connected Device Artifacts (Broadcom Widcomm) | |
Artifact or Program Version | |
Broadcom Widcomm | |
Artifact Description | |
These artifacts contain information you can glean from the registry pertaining to connected Bluetooth devices for the Broadcom Widcomm stack. Connected external Bluetooth devices are broken out by Bluetooth device MAC address under the primary registry entry. The examples were extracted from the registry of a Windows 7 x64 system with a Broadcom 2070 Bluetooth radio device. |
|
Registry Keys | |
-= Primary Registry Key =-
[HKEY_LOCAL_MACHINE\SOFTWARE\

-= Connected Devices Artifacts =-

----------
Example Device 1 – external host MAC (laptop named N3943874)
----------
[HKEY_LOCAL_MACHINE\SOFTWARE\
"DevClass"=hex:3e,01,04
"Features"=hex:00,00,00,00,00,
"TimeStamp"=dword:000040f8
"FTPAuthorizationExpires"=hex:
"OPPAuthorizationExpires"=hex:
"BIPAuthorizationExpires"=hex:
"BPPAuthorizationExpires"=hex:
"DoNotAutoConfigure"=dword:
"AllowWakeup"=dword:00000000
"HidDisabled"=dword:00000000
"DefaultAudio"=dword:00000000
"Manufacturer"=dword:ffffffff
"LmpVersion"=dword:00000000
"LmpSubVersion"=dword:00000000
"BRCMStack"=dword:00000000
"Code"=hex:00,00
"RemoteName"=hex:00
"HandsfreeCfg"=dword:00000002
"ConnectHfIfAvConnected"=
"HandsFreeVersion"=dword:
"PopUpGenForAccessPIM"=dword:
"ShowUI"=dword:00000000
"DisableCallNumber"=dword:
"ManualDun"=dword:00000000
"DesktopShortcutRemovedByBTW"= "
"PIMSyncInit"=dword:00000000
"PIMAcceptBizcard"=dword:
"PIMAcceptCalendarItems"=
"PIMAcceptEmailMessages"=
"PIMAcceptNotes"=dword:
"IconPath"=hex:43,00,3a,00,5c,
  00,73,00,79,00,73,00,74,00,65,
  52,00,65,00,73,00,2e,00,64,00,
  00,00,00
"AllowHFCalls"=dword:00000001
"VoiceRecognitionEnabled"=
"SupportBroadcomFeatures"=
"BroadcomFeatures"=dword:

[HKEY_LOCAL_MACHINE\SOFTWARE\
"ServiceNameUTF8"=hex:46,69,
"UUID"=dword:00001106
"Security"=dword:00000000
"DefaultConnection"=dword:
"SdpAttr"=dword:00000000

----------
Example Device 2 – external host MAC (phone named iPhone)
----------
[HKEY_LOCAL_MACHINE\SOFTWARE\
"Name"=hex:69,50,68,6f,6e,65,
"DevClass"=hex:7a,02,0c
"Features"=hex:00,00,00,00,00,
"TimeStamp"=dword:000040f8
"FTPAuthorizationExpires"=hex:
"OPPAuthorizationExpires"=hex:
"BIPAuthorizationExpires"=hex:
"BPPAuthorizationExpires"=hex:
"DoNotAutoConfigure"=dword:
"AllowWakeup"=dword:00000000
"HidDisabled"=dword:00000000
"DefaultAudio"=dword:00000000
"Manufacturer"=dword:ffffffff
"LmpVersion"=dword:00000000
"LmpSubVersion"=dword:00000000
"BRCMStack"=dword:00000000
"Code"=hex:00
"RemoteName"=hex:00
"HandsfreeCfg"=dword:00000002
"ConnectHfIfAvConnected"=
"HandsFreeVersion"=dword:
"PopUpGenForAccessPIM"=dword:
"ShowUI"=dword:00000000
"DisableCallNumber"=dword:
"ManualDun"=dword:00000000
"DesktopShortcutRemovedByBTW"= "
"PIMSyncInit"=dword:00000000
"PIMAcceptBizcard"=dword:
"PIMAcceptCalendarItems"=
"PIMAcceptEmailMessages"=
"PIMAcceptNotes"=dword:
"IconPath"=hex:43,00,3a,00,5c,
  00,73,00,79,00,73,00,74,00,65,
  52,00,65,00,73,00,2e,00,64,00,
  00,00,00
"AllowHFCalls"=dword:00000001
"VoiceRecognitionEnabled"=
"SupportBroadcomFeatures"=
"BroadcomFeatures"=dword:

[HKEY_LOCAL_MACHINE\SOFTWARE\
"ServiceNameUTF8"=hex:41,56,
"UUID"=dword:0000110c
"Security"=dword:00000000
"DefaultConnection"=dword:
"SdpAttr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\
"ServiceNameUTF8"=hex:41,75,
"UUID"=dword:0000110a
"Security"=dword:00000000
"DefaultConnection"=dword:
"SdpAttr"=dword:00000000

----------
Example Device 2 – external host MAC (device named Roku Player)
----------
[HKEY_LOCAL_MACHINE\SOFTWARE\
"Name"=hex:52,6f,6b,75,20,50,
"DevClass"=hex:00,04,24
"Features"=hex:00,00,00,00,00,
"TimeStamp"=dword:000040f8
"FTPAuthorizationExpires"=hex:
"OPPAuthorizationExpires"=hex:
"BIPAuthorizationExpires"=hex:
"BPPAuthorizationExpires"=hex:
"DoNotAutoConfigure"=dword:
"AllowWakeup"=dword:00000000
"HidDisabled"=dword:00000000
"DefaultAudio"=dword:00000000
"Manufacturer"=dword:ffffffff
"LmpVersion"=dword:00000000
"LmpSubVersion"=dword:00000000
"BRCMStack"=dword:00000000
"Code"=hex:00
"RemoteName"=hex:00
"HandsfreeCfg"=dword:00000002
"ConnectHfIfAvConnected"=
"HandsFreeVersion"=dword:
"PopUpGenForAccessPIM"=dword:
"ShowUI"=dword:00000001
"DisableCallNumber"=dword:
"ManualDun"=dword:00000000
"DesktopShortcutRemovedByBTW"= "
"PIMSyncInit"=dword:00000000
"PIMAcceptBizcard"=dword:
"PIMAcceptCalendarItems"=
"PIMAcceptEmailMessages"=
"PIMAcceptNotes"=dword:
"IconPath"=hex:00,00
"AllowHFCalls"=dword:00000001
"VoiceRecognitionEnabled"=
"SupportBroadcomFeatures"=
"BroadcomFeatures"=dword: |
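Added example, not part of the original submission: Python that parses .reg-style export text like the listing above and decodes the fields that survive complete on the page (Name, DevClass, service UUID). The function names parse_export and decode_values are hypothetical, the key paths in the sample are placeholders because the page truncates them, and reading DevClass as a Class of Device stored most significant byte first and Name as a NUL-terminated string are assumptions that fit the three example devices.

```python
import re

# Major device class names (Class of Device bits 12..8), Bluetooth Assigned Numbers.
MAJOR_CLASS = dict(enumerate(["Miscellaneous", "Computer", "Phone", "LAN/Network AP",
                              "Audio/Video", "Peripheral", "Imaging", "Wearable"]))
# 16-bit service class UUIDs that appear in the page's service subkeys.
SERVICE_UUID = {0x1106: "OBEX File Transfer", 0x110A: "Audio Source",
                0x110C: "A/V Remote Control Target"}
VALUE = re.compile(r'^"([^"]+)"=(hex|dword):([0-9a-fA-F,]*)$')

def parse_export(text):
    """Parse .reg-style text into {key_path: {value_name: bytes or int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        m = VALUE.match(line)
        if m is None or current is None:
            continue  # key headers, headings, values cut off before their type
        name, kind, data = m.groups()
        if kind == "hex":  # tolerate a trailing comma left by truncation
            current[name] = bytes(int(b, 16) for b in data.split(",") if b)
        elif data and "," not in data:  # skip dwords whose digits are missing
            current[name] = int(data, 16)
    return keys

def decode_values(values):
    """Decode Name, DevClass and UUID from one key's parsed values."""
    out = {}
    if "Name" in values:  # assumption: NUL-terminated byte string
        out["name"] = values["Name"].split(b"\x00")[0].decode("utf-8", "replace")
    cod = values.get("DevClass", b"")
    if len(cod) == 3:  # assumption: stored most significant byte first
        n = int.from_bytes(cod, "big")
        out["major_class"] = MAJOR_CLASS.get((n >> 8) & 0x1F, "Other")
        out["minor_class"] = (n >> 2) & 0x3F  # meaning depends on the major class
    if "UUID" in values:
        out["service"] = SERVICE_UUID.get(values["UUID"], hex(values["UUID"]))
    return out

# Constructed sample: placeholder key paths (truncated on the page), iPhone values from the page.
SAMPLE = r'''
[<primary key>\<device MAC>]
"Name"=hex:69,50,68,6f,6e,65,
"DevClass"=hex:7a,02,0c
[<primary key>\<device MAC>\<service subkey>]
"ServiceNameUTF8"=hex:41,56,
"UUID"=dword:0000110c
'''
```

Calling decode_values on each entry of parse_export(SAMPLE) yields the device name and class for the device key and the service name for the service subkey.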