Connection lost…and found: How Bluetooth artifacts cracked a case

In this series, Chad Gish, CID/SISU Detective, Metropolitan Nashville Police Department, shares some noteworthy cases from his extensive career where tools like Magnet Axiom were able to help close a difficult case.

Digital evidence possesses the remarkable ability to accelerate investigations and frequently establishes a clear trail of evidence. Even a small fraction of this digital gold can often serve as a pivotal starting point, guiding investigators toward essential leads or critical breakthroughs that might otherwise not have been obtained.

In this real scenario, we share precisely how this unfolded in a recent homicide investigation and how Magnet Forensics tools were vital to the investigation.

Finding information from a mobile device after a tragic murder

A victim was tragically shot and killed as he walked to his vehicle and an investigative team quickly concluded that robbery motivated this ambush-style murder.

During the investigation, authorities discovered an abandoned iPhone on the pavement near the site from where the suspect’s car sped away. Despite being safeguarded by a six-digit PIN, the iPhone was in the After First Unlock (AFU) state. Leveraging Magnet Graykey, investigators obtained an AFU extraction and Magnet Axiom was subsequently employed to analyze the data.

Recognizing that the suspect most likely dropped the phone before fleeing in the car, the forensic investigator quickly began analyzing data on the phone, but this produced minimal findings. Trusting his intuition, he examined Bluetooth connections with the aim of establishing whether the phone had been paired with the vehicle that fled.

Axiom lists Bluetooth Devices in the Connected Devices category

Upon discovering the crucial connection, the digital detective immediately reached out to the lead investigator, inquiring about witness statements or surveillance video that could identify the make and model of the getaway car.

Unfortunately, there were no witnesses, and the only available cameras were positioned at a considerable distance, unable to precisely identify the vehicle’s make and model. Detectives were only able to confirm it was a white, four-door car. 

He informed the investigator that the suspect’s vehicle was likely a Nissan Altima. This conclusion stemmed from a Bluetooth connection between the iPhone and the vehicle, with the connection name on the phone being displayed as “Nissan Altima.”

The above excerpt from AXIOM Column View displays the MAC Address and Last Seen Date and Time of the connected device. The Last Seen Date/Time indicates the moment when the phone disconnected from its paired device. In the instance of the Nissan Altima, the last seen date and time was corroborated with the timestamp from the distant surveillance camera, listing the exact time the car sped away and disconnected from the abandoned iPhone. 

A major breakthrough in the case

This initial clue provided a significant breakthrough mere hours after the murder. Acting swiftly, the homicide team initiated surveillance in high-crime areas, and their efforts paid off when they identified a white Nissan Altima with evidence of bullet strikes on two of its doors.

Subsequent investigation revealed that the victim had been armed with a handgun, firing shots toward the suspect’s car before collapsing to the ground.

The vehicle was placed under surveillance and several suspects were apprehended when they entered the Altima. The examination of the Altima’s Bluetooth connections confirmed its pairing with the recovered phone through Bluetooth MAC address verification. Furthermore, the connection history between the iPhone and Altima was retrieved from the vehicle’s electronics. As it relates to physical evidence, the Altima’s door panels were removed and a bullet matching the victim’s weapon was discovered. Several suspects were indicted for first-degree murder.
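The two checks described above, the phone-side Last Seen time against the camera timestamp and the MAC address comparison between phone and vehicle, can be sketched as follows. This is an added example, not Magnet Axiom output or material from the case: the record layout, field names, addresses and timestamps are all constructed, and the 120-second tolerance is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

def normalize_mac(raw):
    """Canonicalise a 48-bit address written with ':', '-', '.' or no separators."""
    digits = re.sub(r"[:\-.\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def to_utc(stamp):
    """Parse ISO 8601 with an explicit offset; a naive time is rejected, not guessed."""
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp has no UTC offset: {stamp!r}")
    return parsed.astimezone(timezone.utc)

def corroborate(phone, vehicle, camera_time, tolerance=timedelta(seconds=120)):
    """Compare each phone-side Bluetooth record with the vehicle and the camera time."""
    vehicle_mac = normalize_mac(vehicle["own_mac"])
    paired = {normalize_mac(m) for m in vehicle["paired_macs"]}
    vehicle_knows_phone = normalize_mac(phone["own_mac"]) in paired
    camera = to_utc(camera_time)
    findings = []
    for rec in phone["bluetooth_devices"]:
        delta = abs(to_utc(rec["last_seen"]) - camera)
        findings.append({
            "name": rec["name"],
            # Both sides must agree: phone recorded the car, car recorded the phone.
            "mac_match": normalize_mac(rec["mac"]) == vehicle_mac and vehicle_knows_phone,
            "seconds_from_camera": int(delta.total_seconds()),
            "time_match": delta <= tolerance,
        })
    return findings

# Constructed sample data: every address, name and timestamp below is invented.
PHONE = {
    "own_mac": "02-00-00-00-00-01",
    "bluetooth_devices": [
        {"name": "Nissan Altima", "mac": "02:00:00:00:00:0A",
         "last_seen": "2024-01-10T03:14:52+00:00"},
        {"name": "Headphones", "mac": "02000000000b",
         "last_seen": "2024-01-08T18:02:11+00:00"},
    ]}
VEHICLE = {"own_mac": "0200.0000.000a", "paired_macs": ["02:00:00:00:00:01"]}
CAMERA_TIME = "2024-01-09T21:15:40-06:00"  # camera clock kept in local time, UTC-6

if __name__ == "__main__":
    for row in corroborate(PHONE, VEHICLE, CAMERA_TIME):
        print(row)
```

Normalising both the address notation and the time zone before comparing matters because the phone, the vehicle and the camera each record these values in their own format and clock.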

AXIOM Details Card of a selected Bluetooth Device, detailing not only the metadata of the connection, but also the full path to the source file that contains this data.

The Bluetooth connection proved instrumental, ultimately facilitating the identification of the car, which in turn led to the recovery of physical evidence. All of this directly contributed to arrests that may not have otherwise occurred.

Once more, digital evidence played a pivotal role in solving the case and ensuring justice was served. Sometimes it’s just that one thing that solves the case. In this instance, it was the Bluetooth connection, or disconnection, that made all the difference.  

See for yourself how Magnet Axiom can help

Examine digital evidence from mobile, cloud, computer, and vehicle sources, alongside third-party extractions all in one case file with Magnet Axiom. Learn more about how you can use powerful and intuitive analytical tools to automatically surface case-relevant evidence quickly and try it today.
