The release of BlackLight 2017 R1 sees numerous under the hood improvements. Our old filesystem parsers have been replaced with parsers built from The Sleuth Kit library, as well as a new hybrid SQLite / Postgres database configuration. The Sleuth Kit is a solid and well-crafted library that offers the confidence to implement these changes in BlackLight 2017 R1. It is an industry leader in open source forensic framework for analysis of volumes and system data.
BlackLight offers the forensics community the most comprehensive forensics analysis software for all major platforms: Windows, Android, iOS, and macOS. By combining the intuitive graphical interface of BlackLight with the power of The Sleuth Kit, we are able to offer the best option for smart and fast comprehensive forensic analysis.
The Sleuth Kit library can be used to examine most computers running Windows, macOS, and Linux/UNIX. Updated parsers within BlackLight 2017 R1 include parsers for the following filesystems:
- Hierarchical File System Plus (HFS Plus)
- File Allocation Table (FAT) - FAT12/FAT16/Fat32
- New Technology File System (NTFS)
BlackLight 2017 R1 will also include file system parsers for ExFAT, Ext2, Ext3, Ext4, UFS 1/2, ISO9660 (CD-ROM), and YAFFS2, which are all provided by The Sleuth Kit library. While BlackLight 2017 R1 will allow the ingestion and parsing of these filesystems, the testing of these within the software remains ongoing. Keep an eye on our blog for further updates on testing.
Forensic examiners trust the proven performance of BlackLight to quickly analyze computer volumes and mobile devices. BlackLight also helps you save time by revealing user actions through the use of our Actionable Intel view, as well as detailed analysis of memory images.
Not using BlackLight yet? Find out more about this smart, comprehensive and trusted forensic analysis software by contacting a member of the BlackBag Sales Team.
For more information about BlackLight 2017 R1 or to upgrade, please contact a member of the BlackBag Sales Team.