Top 3 Features to Try in BlackLight 2019 R1

BlackBag is excited for customers to experience the powerful new features added to BlackLight 2019 R1.

Are you ready to dive into the improvements in the latest release? We think these top three features will have you reaching for BlackBag on your next case.

1 – Image Categorization

Image categorization reduces review time by revealing images and videos that may contain categories of interest. BlackLight now includes Image Analyzer’s latest technology for machine-learning-based image analysis. Image Analyzer is a proven solution with years of experience in categorizing images. With Image Analyzer technology built in, users can run image categorization across pictures and videos with no Internet connection.

For this release, BlackLight looks for the following categories:

  • Porn
  • Weapons
  • Drugs
  • Extremism
  • Gore
  • Alcohol
  • Swimwear/Underwear

All available threat categories run when using Image Categorization in BlackLight. Improvements to image categorization, including new threat categories, are provided with new releases of BlackLight. To request new image categories, use the product feedback form.

To run image categorization during ingestion, check the Classify Threat Categories options under Picture Analysis or Video Analysis.

BlackLight 2019 R1: check the Classify Threat Categories options under Picture Analysis or Video Analysis.

Threat category scores are displayed in the ‘File Information Pane’ or in the Metadata tab of the ‘File Content Viewer’.

BlackLight 2019 R1: Viewing the threat category scores

Navigate to ‘Media’ view to sort content by Threat Category.

BlackLight 2019 R1: Users can navigate to the ‘Media’ view to sort content by Threat Category.

For additional information on using Image Analyzer, see the User Guide “What’s New” section.

2 – Smart Indexing

Creating an index of text documents on a device allows an examiner to quickly find out whether a particular topic is mentioned within the evidence set. The process of creating an index has historically been time-consuming and resulted in bloated case sizes. However, new advancements around indexing allow BlackLight to provide users with a quick and efficient index. Once built, investigators can follow where the leads take them, making fast sequential queries of the index for words without waiting for a traditional search of the drive contents.

For the initial release, BlackLight provides index capabilities only for allocated files on the file system. These are the files most relevant and likely to be useful for prosecution. Data extracted by BlackLight from inside container files, like internet, email, or archives, as a result of processing is not included but will follow shortly.

First, users choose to index a volume either when adding evidence or after processing.

Next, after the index is created, choose to add a new Index Search to create a new query.

BlackLight 2019 R1: adding a new Index Search to create a new query

An Index Search allows the examiner to search for:

  • specific words
  • combinations of words in the same documents
  • pathnames
  • file size
  • dates

Finally, BlackLight’s index search uses options like proximity and Boolean logic (AND, OR, and NOT) to further define which files are most relevant. Each file with hits is shown in the top table. Below the files found by the query, users see a preview of hits for the highlighted file(s). Users can highlight multiple files to see hits across files in the preview area. Highlighting a specific hit will display it in the file in the tabs below. For more information about how to search, including a cheat sheet of operators, see the release notes.

3 – Export Files to Logical Evidence Files (.L01)

The EnCase® Logical Evidence File Format (L01) is widely supported by forensic and eDiscovery tools and preserves file content, metadata, and folder structure. BlackLight now allows you to create Logical Evidence Files directly as an export option. Logical evidence files are created using the [Export] menu. Metadata and folder structure are maintained for files and folders exported in logical evidence files. Select the files and folders to include in the logical evidence file. Access the [Export] menu by right-clicking (contextual click), or from the [Action] menu.

BlackLight 2019 R1: Export selected files as Logical Evidence File Format (.L01)

Additional Improvements

In addition to the functionality highlighted above, this latest release includes several improvements to our Windows 10 and Apple macOS Mojave support. Check out the Actionable Intel tabs for additional supported operating system artifacts. For all the new features, including new Investigative Notes, see the release notes.

Want to see BlackLight 2019 R1 in Action?

Register here for our on-demand webinar to see how BlackLight’s latest features give examiners the insight they need to thoroughly and efficiently handle their everyday caseload.

Ashley Hernandez

Ashley believes digital forensics provides law enforcement, government, and corporations the crucial ability to determine facts pertinent to solving criminal and civil matters and to examine security incidents. With over 15 years’ experience in the field, she has taught and certified investigators in digital forensics and security topics, including speaking at many digital forensics and law enforcement conferences. She holds a Bachelor of Science in Computer Science from Sonoma State University.