We are pleased to announce this year's major release of BlackLight, BlackBag Technologies’ comprehensive Windows, Android, iPhone/iPad and Mac forensic analysis software.
With BlackLight 2017 R1 examiners will benefit from the many new features and enhancements that will help them find important data fast. We have certainly been working hard on behalf of our customers to provide the best multi-platform forensic tool, packed with the functionality they need.
To make casework easier, BlackLight 2017 R1 features include:
- Export media to LACE, C4ALL, and Project VIC formats for further analysis
- Support for EML formatted email files, included on the easy Communication view
- Identify ‘Recent’ documents and applications from Mac OS 10.11 and 10.12
- Ingest Mac sparse images directly into BlackLight
- Latest phones and operating systems, including iPhone 8, iOS 11 and Android 8.0 (Oreo)
- Full collections from iOS 11 including from iTunes Backups
- Users are now prompted for passwords for iOS 11 Encrypted backups to complete the collection
- Generate reports in CSV format to allow examiners to review data in external programs
- Ability to export case data as XML for import into various analytic tools
- New ‘Reset’ button when filtering the current view or searching to easily start a new filter or search of items for example messages and media
- Updated hash set support to include identifying ‘Known’ and ‘Trusted’ items from hashsets.com, for the latest Mac and Windows Operating Systems
- BETA support for parsing ExFAT, ISO9660, EXT 2, EXT 3, EXT 4, UFS, and YAFFS2 file systems
NEW FEATURE HIGHLIGHTS
LACE, C4ALL, AND PROJECT VIC
BlackLight 2017 R1 now provides law enforcement with an even tighter integration with the tools needed to identify victims in child exploitation cases. This update includes support for exporting evidence to BlueBear LACE, Project VIC (v1.1, v1.2, and v1.3), and C4All data models in addition to ongoing support for filtering of known images. By providing integrated support for these widely used tools, examiners involved in child exploitation cases will save time and can focus their resources more effectively. Evidence that contains pictures and videos can be exported to these formats, and then imported into the respective utility for further processing.
MAC EMAIL FILE FORMAT - EML SUPPORT
We have listened to our customers and are now offering more email support through BlackLight to assist in criminal, civil and internal investigations. Investigators are now able to ingest .eml files acquired from a live system and view them in BlackLight’s ‘Communication’ view.
This new feature adds to the already powerful ‘Communication’ view. Earlier releases of BlackLight allow examiners to see a full log of calls, voicemails, social media activity, and more. By adding .eml support, BlackLight 2017 R1 extends that extensive recovery of messages to even more sources, with additional formats coming in future releases.
PARSE ‘RECENT ITEMS’
By importing an image of a OS 10.11 or OS 10.12 system into BlackLight 2017 R1, examiners are now able to view which documents have recently been opened and which applications recently used. BlackLight parses these files and displays the content within the ‘Actionable Intel - Recent Items’ view. These records will give examiners a clearer picture of recent activity on the system, allowing them to shed light on further data points that can be attributed to a user's actions.
INGEST MAC SPARSE IMAGES
Examiners will be able to ingest sparse bundles and sparse images directly into BlackLight 2017 R1 and view their content. Unlike other software, examiners using Windows systems, can now also view the sparse image directly on their examination system, without the need to switch computers and mount the image or bundle on a Mac.
LATEST PHONES AND OPERATING SYSTEMS SUPPORT
The continuous release of new phones and operating systems cause ongoing challenges for the digital forensic community. Here at BlackBag, we continue to work to support all the devices and systems that our customers encounter in the field. This BlackLight release supports the latest phones and operating systems, including iPhone 8 and devices running iOS 11, or Android 8.0 (Oreo). BlackLight 2017 R1 will properly identify the device so a full or limited collection can be conducted.
Learn more about BlackLight
To learn more about BlackLight, including more about these features, check out our comprehensive training options; including free, self-paced or in-depth courses at blackbagtech.com/training.html. Our Instructors have years of law enforcement and digital forensics experience and actively support investigators in the field.
Your feedback fuels the design
BlackBag strives to keep up with the ever-changing needs of today’s examiners and to provide investigators the solutions they need to solve the critical issues they face every day. As we continue to grow and perfect new features and functionality within BlackLight, we need you to continue to provide the insightful feedback that has allowed us to develop the tool we are proud to offer today. If you would like to submit feedback or suggestions please contact us through our product feedback form.