BlackLight

BlackLight quickly analyzes computer volumes and mobile devices. It sheds light on user actions and now even includes analysis of memory images. BlackLight allows for easy searching, filtering and otherwise sifting through large data sets. It can logically acquire Android and iPhone/iPad devices, runs on Windows and Mac OS X, and can analyze data from all four major platforms within one interface. It’s simply the best option available for smart, comprehensive analysis.

BlackLight 2018 Release includes full APFS support – when combined with MacQuisition 2018 R1, it is the world’s first complete end-to-end acquisition, decryption, and analysis solution for the latest Apple File System.

BlackBag Technologies offers a free 2-day course, BlackLight Tool Training. For more information see: blackbagtech.com/training/courses/blacklight-tool-training.html

Features:

Actionable Intel view

BlackLight’s Actionable Intel view allows examiners to view various data points that can be attributed to a user’s actions. Traces of potentially important user activity from many disparate locations are organized for practical, efficient examination. Elements include:

  • Windows Registry artifacts – recently executed files and programs, link files, jumplists, Prefetch and Superfetch data
  • Device connection data for all devices previously connected to the system, including USB device connection dates/times and the associated user account
  • iOS device backups
  • Recent file downloads
  • Trash (for Mac OS X volumes) and Recycle Bin (for Windows volumes)
  • Current and deleted user account info

Analyze Windows Memory

  • Analyzes several types of memory files, including raw dumps, Hibernation files (Windows Vista to Windows 10), pagefile.sys, and crash dumps (full, from Windows Vista or 7)
  • Performs file carving and bulk extraction content searches (for numerous items such as URLs, addresses, phone numbers, etc.)
  • Features a Memory subview for analyzing processes, libraries, sockets, handles, and drivers
  • Processes memory files many times faster than traditional open-source forensic tools

Efficient filtering of large data sets

BlackLight’s signature File Filter view includes examiner-defined filter options to quickly pinpoint relevant data within large data sets.

Fast and efficient review of pictures and video

BlackLight’s Media view has built-in support for all commonly used picture and video file types, and it includes several helpful and examiner-oriented analysis features, such as:

  • Built-in GPS Mapping: all media files containing GPS data will be identified with a placemark badge
  • Proprietary Skin Tone Analysis Algorithm: sort picture and video files by the skin tone percentage contained in the file
  • Video Frame Analysis: BlackLight initially displays video files as 4×4 frame sequences, allowing examiners to quickly triage multiple video files in order to locate potential evidence

Communications

The Communication view in BlackLight allows examiners to see a full log of calls, voicemail, social media activity, and more. Most importantly, examiners can view messaging threads in list view or in their native format, with support for data from:

  • Text Services (SMS/MMS, iMessage)
  • Messaging Apps (Skype, Kik, TextPlus, TextFree, Tango)
  • Social Media (Facebook, Twitter, LinkedIn, Foursquare/Swarm)

Reporting

BlackLight is designed to make reporting incredibly flexible. Examiners may export large data sets in an easily readable format, and can export reports in a variety of formats to enable easy information sharing with all interested third parties. With BlackLight’s Report view, you can:

  • Easily tag evidence and include any and all relevant metadata in the examiner report
  • Export your report in your choice of formats, including .pdf, .html, .docx, and .txt
  • Export eDiscovery data to a generic Concordance load file that is compatible with all major review platforms
  • Mask (blur) sensitive data contained within examiner reports that may be shared with non-authorized third parties

Additional Features:

  • Export media to LACE, C4ALL, and Project VIC formats for further analysis
  • Support for EML-formatted email files, included in the easy-to-use Communication view
  • Identify ‘Recent’ documents and applications from Mac OS 10.11 and 10.12
  • Latest phones and operating systems, including iPhone 8, iOS 11 and Android 8.0 (Oreo)
  • Ingest Mac sparse images directly into BlackLight
  • Full collections from iOS 11 including from iTunes Backups
  • Users are now prompted for passwords for iOS 11 Encrypted backups to complete the collection
  • Generate reports in CSV format to allow examiners to review data in external programs
  • Ability to export case data as XML for import into various analytic tools
  • New ‘Reset’ button when filtering the current view or searching to easily start a new filter or search of items, for example messages and media filters
  • Updated hash set support to include identifying ‘Known’ and ‘Trusted’ items from hashsets.com, for the latest Mac and Windows Operating Systems
  • BETA support for parsing ExFAT, ISO9660, EXT 2, EXT 3, EXT 4, UFS, and YAFFS2 file systems
  • Updated Parsing for FSevent Files
  • Windows 10 Fall Creators Update
  • EWMounter Additional Drive Support
  • Improved Volume Shadow Copy (VSC) Display

In addition, it includes beta support for the latest versions of the following mobile applications:

  • WeChat
  • Facebook Messenger
  • Line
  • WhatsApp
