BlackLight®

BlackLight quickly analyzes computer volumes and mobile devices. It sheds light on user actions and now even includes analysis of memory images. BlackLight allows for easy searching, filtering and otherwise sifting through large data sets. It can logically acquire Android and iPhone/iPad devices, runs on Windows and Mac OS X, and can analyze data from all four major platforms within one interface. It’s simply the best option available for smart, comprehensive analysis.


Add to Cart Request Trial
Request a Quote Renew
 
 
  Features    Latest Release    System Requirements    Pricing  

Details

Actionable Intel

Easily Uncover User Actions

BlackLight’s Actionable Intel view allows examiners to view various data points that can be attributed to a user's actions. Traces of potentially important user activity from many disparate locations are organized for practical, efficient examination. Elements include:

  • Windows Registry artifacts - recently executed files and programs, link files, jumplists, Prefetch and Superfetch data
  • Device connection data for all devices previously connected to the system, including USB device connection dates/times and the associated user account
  • iOS device backups
  • Recent file downloads
  • Trash (for Mac OS X volumes) and Recycle Bin (for Windows volumes)
  • Current and deleted user account info


Memory

Analyze Windows Memory Files

  • Analyzes several types of memory files, including raw dumps, Hibernation files (from Windows Vista or 7), pagefile.sys, and crash dumps (full, from Windows Vista or 7)
  • Performs file carving and bulk extraction content searches (for numerous items such as URLs, addresses, phone numbers, etc.)
  • Features a Memory subview for analyzing processes, libraries, sockets, handles, and drivers
  • Processes memory files many times faster than traditional open-source forensic tools

File Filter View

Efficiently Sift Through Large Data Sets

BlackLight's signature File Filter view includes examiner-defined filter options to quickly pinpoint relevant data within large data sets. Filter criteria include:

  • File name, kind, size, or extension
  • Date created, modified, or accessed
  • Picture metadata attributes, including GPS coordinates and camera (iPhone/iPad device) type
  • Positive and negative hash set filtering

Examiners may apply any number of filters or inverse filters to quickly isolate important data from system files or base application files. BlackLight comes with several pre-set file filters, including those that filter by file type, file attribute, geolocation coordinates, and source device type.


Media

Find the Picture and Video Evidence You Need

BlackLight's Media view has built-in support for all commonly used picture and video file types, and it includes several helpful and examiner-oriented analysis features, such as:

  • Built-in GPS Mapping:
    • All media files containing GPS data will be identified with a placemark badge
    • Examiners can view media geolocation data on a Mercator map (offline) or using Google Maps (online) directly from the built-in GPS view
  • Proprietary Skin Tone Analysis Algorithm:
    • Sort picture and video files by the skin tone percentage contained in the file
  • Video Frame Analysis:
    • BlackLight initially displays video files as 4x4 frame sequences, allowing examiners to quickly triage multiple video files in order to locate potential evidence

Communications

Recover Every Message from the Most Common Source

The Communication view in BlackLight allows examiners to see a full log of calls, voicemail, social media activity, and more. Most importantly, examiners can view messaging threads in list view or in their native format, with support for data from:

  • Text Services (SMS/MMS, iMessage)
  • Messaging Apps (Skype, Kik, TextPlus, TextFree, Tango)
  • Social Media (Facebook, Twitter, LinkedIn, Foursquare/Swarm)


Reporting

Customize Your Report

BlackLight is designed to make reporting incredibly flexible. Examiners may export large data sets in an easily readable format, and can export reports in a variety of formats to enable easy information sharing with all interested third parties. With BlackLight's Report view, you can:

  • Easily tag evidence and include any and all relevant metadata in the examiner report
  • Export your report in your choice of formats, including .pdf, .html, .docx, and .txt
  • Export eDiscovery data to a generic Concordance load file that is compatible with all major review platforms
  • Mask (blur) sensitive data contained within examiner reports that may be shared with non-authorized third parties

With the 2016 R1 release, BlackLight's already robust capabilities have been significantly bolstered with the addition of many new features, including the following:


  • Built-in Windows memory (RAM) file analysis
    • Raw, hiberfil.sys (Hibernation file, from Vista or 7), pagefile.sys, and crash dumps (full, from Vista or 7)
    • File carving
    • Bulk extraction content searches (for numerous items such as URLs, addresses, phone numbers, etc.)
    • New 'Memory' subview dedicated to memory file artifacts (processes, libraries, sockets, handles, and drivers)
    • For further information, view our blog post on "Windows Memory Forensics"
  • Parsing of Volume Shadow Copies for Windows volumes
  • Parsing of valuable log files
    • Windows $LogFile (disk activity)
    • Windows $USNJRNL (change journal)
    • OS X .fseventsd (file system events)
  • Ability to run queries on SQLite databases

Additional Information

Operating System Specification Mac OS X Mountain Lion (10.8.0) or higher / Windows 7 or higher
Compatibility BlackLight runs on Intel based systems only
BlackLight requires the following additional software:
• iTunes 11.0.1 or newer
• QuickTime 7.6.9 or higher
Minimum Requirements 2.8 GHz Intel Core 2 Duo
4 GB 1067 MHz DDR3 RAM
500 MB Disk Space (Installation Only)
1024 x 768 or higher screen resolution
Optimum Requirements 2.2 GHz Quad-Core Intel i7 or better
16 GB 1333 MHz DDR3 RAM
500 MB Disk Space (Installation Only)
1680 x 1050 or higher screen resolution

The initial software license price for BlackLight is $3,400 USD (private sector) and $2,400 USD (government). This entitles license holders to all BlackLight software updates at no additional cost for one year. After the one-year license period has expired, customers may purchase a license subscription for $1200 (private sector) and $850 (government) per year to continue receiving all BlackLight software updates at no additional cost during the one-year subscription period.


InitialRenewal
Private Sector $3,400 $1200
Government $2,400 $850


There is no software functionality or customer support penalty if a customer does not renew their BlackLight license subscription. Our BlackLight software remains fully functional, and we continue to provide unlimited technical support to our customers even after a BlackLight license expires. However, customers no longer receive all BlackLight software updates at no additional cost once their license expires.