BlackLight®

BlackLight quickly analyzes computer volumes and mobile devices. It sheds light on user actions and now even includes analysis of memory images. BlackLight allows for easy searching, filtering and otherwise sifting through large data sets. It can logically acquire Android and iPhone/iPad devices, runs on Windows and Mac OS X, and can analyze data from all four major platforms within one interface. It’s simply the best option available for smart, comprehensive analysis.


Add to Cart Request Trial
Request a Quote Renew
 
 
  Features    Latest Release    System Requirements    Pricing  

Details

Actionable Intel

Easily Uncover User Actions

BlackLight’s Actionable Intel view allows examiners to view various data points that can be attributed to a user's actions. Traces of potentially important user activity from many disparate locations are organized for practical, efficient examination. Elements include:

  • Windows Registry artifacts - recently executed files and programs, link files, jumplists, Prefetch and Superfetch data
  • Device connection data for all devices previously connected to the system, including USB device connection dates/times and the associated user account
  • iOS device backups
  • Recent file downloads
  • Trash (for Mac OS X volumes) and Recycle Bin (for Windows volumes)
  • Current and deleted user account info


Memory

Analyze Windows Memory Files

  • Analyzes several types of memory files, including raw dumps, Hibernation files (from Windows Vista or 7), pagefile.sys, and crash dumps (full, from Windows Vista or 7)
  • Performs file carving and bulk extraction content searches (for numerous items such as URLs, addresses, phone numbers, etc.)
  • Features a Memory subview for analyzing processes, libraries, sockets, handles, and drivers
  • Processes memory files many times faster than traditional open-source forensic tools

File Filter View

Efficiently Sift Through Large Data Sets

BlackLight's signature File Filter view includes examiner-defined filter options to quickly pinpoint relevant data within large data sets. Filter criteria include:

  • File name, kind, size, or extension
  • Date created, modified, or accessed
  • Picture metadata attributes, including GPS coordinates and camera (iPhone/iPad device) type
  • Positive and negative hash set filtering

Examiners may apply any number of filters or inverse filters to quickly isolate important data from system files or base application files. BlackLight comes with several pre-set file filters, including those that filter by file type, file attribute, geolocation coordinates, and source device type.


Media

Find the Picture and Video Evidence You Need

BlackLight's Media view has built-in support for all commonly used picture and video file types, and it includes several helpful and examiner-oriented analysis features, such as:

  • Built-in GPS Mapping:
    • All media files containing GPS data will be identified with a placemark badge
    • Examiners can view media geolocation data on a Mercator map (offline) or using Google Maps (online) directly from the built-in GPS view
  • Proprietary Skin Tone Analysis Algorithm:
    • Sort picture and video files by the skin tone percentage contained in the file
  • Video Frame Analysis:
    • BlackLight initially displays video files as 4x4 frame sequences, allowing examiners to quickly triage multiple video files in order to locate potential evidence

Communications

Recover Every Message from the Most Common Source

The Communication view in BlackLight allows examiners to see a full log of calls, voicemail, social media activity, and more. Most importantly, examiners can view messaging threads in list view or in their native format, with support for data from:

  • Text Services (SMS/MMS, iMessage)
  • Messaging Apps (Skype, Kik, TextPlus, TextFree, Tango)
  • Social Media (Facebook, Twitter, LinkedIn, Foursquare/Swarm)


Reporting

Customize Your Report

BlackLight is designed to make reporting incredibly flexible. Examiners may export large data sets in an easily readable format, and can export reports in a variety of formats to enable easy information sharing with all interested third parties. With BlackLight's Report view, you can:

  • Easily tag evidence and include any and all relevant metadata in the examiner report
  • Export your report in your choice of formats, including .pdf, .html, .docx, and .txt
  • Export eDiscovery data to a generic Concordance load file that is compatible with all major review platforms
  • Mask (blur) sensitive data contained within examiner reports that may be shared with non-authorized third parties

BlackLight 2016 R2 features numerous improvements to make casework easier, including the following:


  • Improved Offline Maps - vastly improved offline maps, based on OpenStreetMap
  • Additional Email Parsing and Analysis - multiple Outlook formats and more
  • New Data Ingestion User Interface - easier and more intuitive to add evidence to a case
  • Tear-Off ‘File Content Viewer’ - simultaneously view multiple copies of the ‘File Content Viewer’

Plus:

  • Secondary Column Sorting - add a secondary sort by Shift-clicking a second column header
  • Column Reordering - easily customize which columns are displayed, and in what order
  • File Entropy - available as a sortable column for display in the 'Browser' and 'File Filter' views, also available as an individual file filter
  • Updated 'Media' view - allows for more options in sorting through visual media files (OS thumbs, pictures, videos, or all combined)
  • Improved Exporting of Contacts Data to Tab-Delimited and CSV Files - all fields of contact data are now included in exports
  • Search Results Begin Displaying Before Search Is Complete - helps aid decisions about whether to allow the search to play out, or whether to pause and revise search criteria

Additional Information

Operating System Specification Mac OS X Mavericks (10.9) or higher / Windows 7 or higher
Compatibility BlackLight runs on Intel® based systems only
BlackLight requires the following additional software:
• iTunes 12.4 or higher
• QuickTime 7.6.9 or higher for Mac, and Windows Media Player 12 for Windows
Minimum Requirements • Mac OS X Mavericks (10.9) or Windows 7
• 2.6 GHz Intel Dual Core i5
• 8 GB 1067 MHz DDR3
• 25GB of Disk Space
• 1024 x 768 or higher screen resolution
Optimum Requirements • Mac OS X Yosemite (10.10.4) Windows® 10
• 3.1 GHz 6-Core Intel Xeon E5 or better
• 16 GB 1866 MHz DDR3
• 25GB of Disk Space
• 1680 x 1050 or higher screen resolution

*Note: For Windows systems, BlackLight uses whatever the default app may be for playing media files. Windows Media Player 12 is recommended. If Windows examiners do not have QuickTime installed and they wish to play certain file types such as .AMR files (voicemail, etc.) they will need to install some non-default codecs, following the instructions found here: http://shark007.net/win8codecs.html

The initial software license price for BlackLight is $3,400 USD (private sector) and $2,400 USD (government). This entitles license holders to all BlackLight software updates at no additional cost for one year. After the one-year license period has expired, customers may purchase a license subscription for $1200 (private sector) and $850 (government) per year to continue receiving all BlackLight software updates at no additional cost during the one-year subscription period.


InitialRenewal
Private Sector $3,400 $1200
Government $2,400 $850


There is no software functionality or customer support penalty if a customer does not renew their BlackLight license subscription. Our BlackLight software remains fully functional, and we continue to provide unlimited technical support to our customers even after a BlackLight license expires. However, customers no longer receive all BlackLight software updates at no additional cost once their license expires.