BlackBag Announces Release of BlackLight 2019 R2
BlackLight 2019 R2 is now available! This release is packed full of powerful features customers have requested and need to complete investigations quickly and efficiently.
Enhancements and improvements include:
- Archive File Processing
- APOLLO Support via the new Plugin Manager
- Berla iVe Support
- Semantics21 Integration
- New Image Threat Categories identified, including CSAM, Documents, and Identification in Media
- Expanded Smart Indexing Capabilities
- Updates to Export Features
- HEIC added to Pictures in Graphic File Filter
- MKV and SWF Video types added to File Typing and Carving
- Improved PhotoDNA processing
New feature highlights:
Archive File Processing
Archive files can be processed in BlackLight either individually or across an entire volume or device. BlackLight now processes the following archive file types: zip, gz, 7z, tar, and rar. Archives are expanded down to two levels of nested archives.
Process Archives appears as an evidence ingestion option. When the Process Archives option is chosen, all of the archive files on the volume or device selected will be expanded and stored in the BlackLight case files. The data in the expanded archives will be available for other processes run during ingestion (File Signature Analysis, Picture Analysis, Hash Calculation, Smart Indexing, etc.).
Plugin Manager – APOLLO Support
Continuing to expand our ability to integrate with forensic resources, BlackLight now has a Plugin Manager. At this time, the Plugin Manager provides a way to integrate Apple Pattern of Life Lazy Output’er (APOLLO) into BlackLight.
APOLLO, written by Sarah Edwards, is a script that runs a series of queries against the SQLite databases on iOS® and macOS devices. APOLLO’s power is in its SQL queries, each designed to look at specific iOS data. The queries are categorized by function and stored in text files. APOLLO aims to easily correlate multiple databases with hundreds of thousands of records in order to determine what has happened on the device. For more information on APOLLO, Sarah Edwards has a series of blog posts at https://www.mac4n6.com/blog/.
Berla iVe Support
Working with Berla Corp, BlackLight is now capable of importing data exported from Berla iVe. Berla Corp is the industry leader in vehicle forensics. Vehicle computers contain a large amount of data useful during an investigation. Data such as routes, vehicle events, location data, connected devices, and media can all be contained in a vehicle’s computers. Once the data is acquired using the Berla iVe ecosystem, it is then imported into Berla’s iVe forensic software. Berla Corp has added an option in iVe Desktop to export data to a .ivx database for import into BlackLight. BlackLight ingests the .ivx database and processes the data.
Semantics21 Integration
In our continued efforts to empower law enforcement and government agencies worldwide to combat the child exploitation epidemic, BlackLight now provides integration with Semantics21 (S21). Semantics21 provides the LASERi suite of tools to examine pictures, animations, and videos. Once images are brought into the tool, they can be categorized into generic categories numbered 0-9 based on users’ preferences.
New Threat Categories Identified in Media
Image Analyzer Threat Categories have been updated in BlackLight 2019 R2. Threat Categories now include:
- Child Sexual Abuse Material (CSAM)
To learn more about these features and additional enhancements, visit www.blackbagtech.com/products/blacklight