SIMs are out of the question for public wifi hotspots - to authenticate a SIM (via EAP-SIM or EAP-AKA) you need an existing relationship with the mobile carrier.
When it comes to MAC addresses, 1) there isn’t a central registry of addresses anyway so having the MAC address alone won’t help much in an investigation, 2) it can be set by the user so malicious users will fake their MAC address and 3) for privacy reasons most devices nowadays will generate unique MAC addresses for each network.
That's why I caveated the MAC, but if you managed to catch a non randomizing device or a randomizing device that hasn't disconnected (dumped in trash outside for instance) or which was powered down on network and not powered on until after arrest, you can still hit paydirt.
The IMEI and advertising ids are the more pressing ones though. Never underestimate the deanonymyzing power of someone else's UUID you aren't even aware you have.
Another angle is that devices that randomize will “reuse” the random address for the same SSID, afaik. So even the random Mac may be of value over time.
When it comes to MAC addresses, 1) there isn’t a central registry of addresses anyway so having the MAC address alone won’t help much in an investigation, 2) it can be set by the user so malicious users will fake their MAC address and 3) for privacy reasons most devices nowadays will generate unique MAC addresses for each network.