Insights Blog

You Asked, We Answered: New BlackLight Enhancements for 2018 R2

We are very excited to announce BlackLight 2018 R2 is officially released and includes top customer requested features. BlackBag values you and your feedback! This release is all about the customer. We added the top 3 most popular customer requests AND, remembering our Mac Forensic fans, provided new support for Spotlight artifacts ….all in 2018 R2.

What’s New and Improved?

  • Ability to view and filter across multiple devices
  • Enhanced email support for EMLX parts and email reporting
  • Auto-adjust time zones for Daylight Savings Time
  • Ability to parse macOS Spotlight Indexes

See it in Action

Watch our Director of Product Management, Ashley Hernandez, walk through new features in this 4 minute overview video.

Top Features

1. Viewing and Filtering on Multiple Devices

BlackLight now supports viewing data from multiple devices at the same time without having to change selected devices.  Each evidence item is associated with a colored badge number.

Just check the box next to the evidence item and select on the desired view in BlackLight.

‘File Filter’ view shows the numbered badge in the first column for each responsive item

2. Improved Email Reporting

2018 R2 has improved parsing and reporting Apple’s EMLXPART files and EMLX partials. In addition, we now give the examiner the option to create previews for tagged email, enhancing the report and displaying emails as the user saw it.

When the report is generated, the email can be seen as well as previewed by clicking on the Preview link.  This will show the email as the user saw it.  Any attachments can also be seen in the preview of the report, as well as the attachment link.

3. Auto-Adjust for Daylight Savings Time

We recognize having to manually adjust times plus or minus hours and even minutes can be laborious and error prone.  BlackLight now recognizes daylight savings time shifts for different parts of the world. When you change the case time zone to the desired time zone, all dates and times will automatically be adjusted accordingly.

4. Spotlight Index Parsing

BlackLight now gives you the ability to parse macOS Spotlight indexes.  Spotlight is a system-wide search feature of macOS and the iOS operating systems.  It was designed to allow the user to quickly locate a wide variety of items on the computer, including documents, pictures, music, applications, and System Preferences. Specific words in documents and in web pages in a web browser’s history or bookmarks can be searched. It also allows the user to narrow down searches with creation dates, modification dates, sizes, types and other attributes.

Continue to Fuel our Designs

As we grow and perfect new features and functionality within our products, we need you to continue to provide the insightful feedback that has allowed us to develop the tool we are proud to offer today. If you would like to submit feedback or suggestions, please contact us through our product feedback form. Through your feedback, we can continue to provide investigators with the solutions they need to solve the critical issues they face every day.
To update to the latest version of Blacklight, click here.

In Case You Missed It:

Ask the Expert: The Importance of APFS Snapshots in Investigations

Our latest webinar on APFS Snapshots is now available to view on demand. In this webinar, Dr. Joe T. Sylve, Director of Research and Development at BlackBag, shows you how to go back in time to review what happened on an APFS volume. Dr. Sylve discusses details of the snapshot functionality built into APFS, why snapshots will be useful in your investigations and how you will be able to take advantage of snapshots in upcoming BlackLight releases.
If your tool of choice is not parsing APFS snapshots, then you may be missing data.

Register here to watch it on demand.

BlackBag Team