Top 3 Features to Try in BlackLight 2019 R1
BlackBag is excited for customers to experience the powerful new features added to BlackLight 2019 R1.
Are you ready to dive into the improvements in the latest release? We think these top three features will have you reaching for BlackBag on your next case.
1 – Image Categorization
Image categorization reduces review time by revealing images and videos that may contain categories of interest. BlackLight now includes Image Analyzer’s latest technology for machine-learning-based image analysis. Image Analyzer is a proven solution with years of experience in categorizing images. With Image Analyzer technology built in, users can run image categorization across pictures and videos with no Internet connection.
For this release, BlackLight looks for the following categories:
All available threat categories run when using Image Categorization in BlackLight. Improvements to image categorization, including new threat categories, are provided with new releases of BlackLight. To request new image categories, use the product feedback form.
To run image categorization during ingestion, check the Classify Threat Categories options under Picture Analysis or Video Analysis.
Threat Category scores are displayed in the ‘File Information Pane’ or in the Metadata tab of the ‘File Content Viewer.’
Navigate to ‘Media’ view to sort content by Threat Category.
For additional information on using Image Analyzer, see the “What’s New” section of the User Guide.
2 – Smart Indexing
Creating an index of text documents on a device allows an examiner to quickly find whether a particular topic is mentioned within the evidence set. The process of creating an index has historically been time-consuming and resulted in bloated case sizes. However, new advancements around indexing allow BlackLight to provide users with a quick and efficient index. Once built, investigators can follow where the leads take them, making fast sequential queries of the index for words without waiting for a traditional search of the drive contents.
For the initial release, BlackLight provides index capabilities only for allocated files on the file system. These are the files most relevant and likely to be useful for prosecution. Data that BlackLight extracts during processing from inside container files, like internet, email, or archives, is not included but will follow shortly.
First, users choose to index a volume either when adding evidence or after processing.
Next, after the index is created, choose to add a new Index Search to create a new query.
An Index Search allows the examiner to search for:
- specific words
- combinations of words in the same documents
- file size
Finally, BlackLight’s index search uses options like proximity and Boolean logic (AND, OR, and NOT) to further define which files are most relevant. Each file with hits is shown in the top table. Below the files found by the query, users see a preview of hits for the highlighted file(s). Users can highlight multiple files to see hits across files in the preview area. Highlighting a specific hit displays it in the file in the tabs below. For more information about how to search, including a cheat sheet of operators, see the release notes.
3 – Export Files to Logical Evidence Files (.L01)
The EnCase® Logical Evidence File Format (L01) is widely supported by forensic and eDiscovery tools and preserves file content, metadata, and folder structure. BlackLight now allows you to create Logical Evidence Files directly as an export option. Logical evidence files are created using the [Export] menu. Metadata and folder structure are maintained for files and folders exported in logical evidence files. Select the files and folders to include in the logical evidence file. Access the [Export] menu by right-clicking (contextual click), or from the [Action] menu.
In addition to the functionality highlighted above, this latest release includes several improvements to our Windows 10 and Apple macOS Mojave support. Check out the Actionable Intel tabs for additional supported operating system artifacts. For all the new features, including new Investigative Notes, see the release notes.
Want to see BlackLight 2019 R1 in action?
- Top 3 Features to Try in BlackLight 2019 R1 - April 22, 2019