We’re pleased to announce this year’s second major release of BlackLight, BlackBag’s comprehensive Windows, Android, iPhone/iPad and Mac forensic analysis software!
BlackLight, for those not already familiar with it, quickly analyzes computer volumes and mobile devices. It sheds light on user actions and now even includes analysis of memory images. BlackLight allows for easy searching, filtering and otherwise sifting through large data sets. It can logically acquire Android and iPhone/iPad devices, runs on Windows and Mac OS X, and can analyze data from all four major platforms within one interface.BlackLight 2016 R2 features numerous improvements to make casework easier, including the following:
• Improved Offline Maps – vastly improved offline maps, based on OpenStreetMap *detailed below*
• Additional Email Parsing and Analysis – multiple Outlook formats and more *detailed below*
• New Data Ingestion User Interface – easier and more intuitive to add evidence to a case *detailed below*
• Tear-Off ‘File Content Viewer’ – simultaneously view multiple copies of the ‘File Content Viewer’ *detailed below*
• Secondary Column Sorting – add a secondary sort by Shift-clicking a second column header
• Column Reordering – easily customize which columns are displayed, and in what order
• File Entropy – available as a sortable column for display in the ‘Browser’ and ‘File Filter’ views, also available as an individual file filter
• Updated 'Media' view – allows for more options in sorting through visual media files (OS thumbs, pictures, videos, or all combined)
• Improved Exporting of Contacts Data to Tab-Delimited and CSV Files – all fields of contact data are now included in exports
• Search Results Begin Displaying Before Search Is Complete – helps aid decisions about whether to allow the search to play out, or whether to pause and revise search criteria
BlackLight has improved upon its offline maps, allowing for more practical, at-a-glance renderings of each location. No longer does the examiner only have the option of seeing a single map, zoomed out to the maximum level with a set of crosshairs, a format which can be less than ideal if those crosshairs fall on multiple small states or countries.
Rather than displaying a single Mercator map, BlackLight now boasts a new set of static maps based on OpenStreetMap. Select a file that contains GPS coordinates, and choose the Location tab. BlackLight reveals an offline map with three levels of zoom. With the maps included in BlackLight’s 2016 R2 release, viewing of up to level 8 can be seen in the largest map tile. Users can download additional maps for additional zoom capabilities if they so desire.
The zoom is currently set at levels 3, 5, and 8. When additional zoom level tiles are downloaded, BlackLight will increase its maximum zoom to that level. BlackLight’s offline maps are contained in a Map Pack, which examiners can install separately. More OpenStreetMap features are expected in future BlackLight releases.
By the way, BlackLight still features the ability to zoom in using the Show on Google Maps… button. When connected to the Internet, the examiner may select this button, and the default browser will open to Google Maps, allowing control of the zoom level and viewing style. Also, in addition to being able to export files containing GPS information as a KMZ file, examiners can now also export them in KML format.
BlackLight 2016 R2 presents a refreshed ‘Email’ subview with more inclusive email parsing and analysis.
The ‘Email’ subview currently supports the following email formats: Outlook for Windows (.pst and .ost), general mbox (which is exported Mac Mail and other platform-agnostic clients), Outlook for Mac (.olk15Message), as well as .eml, .emlx, and .imapmbox.
The new data ingestion process makes it markedly easier and more intuitive to add evidence to a BlackLight case. In fact, it’s now possible to add multiple items to the case at the same time.
When an item is selected in the left pane, all its partitions are displayed in the middle pane. Select each item for processing and choose the desired ingestion options. In the interest of convenience and efficiency, examiners can save multiple ingestion option templates (i.e., templates for settings in the right pane of the ‘Add Evidence’ window). Ultimately, the ingestion/processing options for each item or volume remain selectable by the examiner, so that each piece of evidence can be processed in only the desired manner.
We’ve even borrowed a special feature from Mobilyze, BlackBag’s mobile device triage tool. BlackLight now has the ability to perform a limited collection on mobile devices, when the device allows it. When a specific type of data is being sought and there is a limited amount of time to gather it, this feature can be a game-changer.
Another helpful new feature is the ability to “tear off” the ‘File Content Viewer’ as a separate window, thus allowing examiners to simultaneously view multiple copies of the ‘File Content Viewer.’ BlackBag has added this new functionality in response to user requests.
Additional tear-off ‘File Content Viewer’ windows can be created, and each one can be used to view different data if desired. For instance, one window may show the Preview tab, while another shows Metadata, and a third reveals Location maps. When a file is selected within the original case window, such as in ‘Browser’ view, all of the tear-off windows update to reflect information related to that file.
There is no need to reconnect these tear-off windows to the original case window. Simply close each window when finished with it. Even though the ‘File Content Viewer’ can be hidden on the original case window, it is always there and never has to be reattached.
Your Feedback Fuels the Design
We at BlackBag always strive to keep up with the ever-changing needs of today’s examiners. As part of that effort, we’ve challenged ourselves and expanded our reach into territories we’d previously left untouched, such as Windows and Android analysis. As we continue to grow and perfect new features and functionality within BlackLight, it’s absolutely imperative that you keep providing the insightful feedback that has allowed us to develop the tool we’re proud to offer today.
Additionally, one of our defining characteristics has always been our Forensic Analyst and Instructor team, firstname.lastname@example.org, bringing you years of law enforcement and digital forensics experience, to offer free training and free support in the field. Our industry experts are only one call away for any questions or challenges you might encounter.
Not already using BlackLight?
Visit our website to learn more about BlackLight and request your fully functional demo license today!
About the Company
BlackBag Technologies is a developer of innovative forensic acquisition, triage, and analysis software for Windows, Android, iPhone/iPad, and Mac OS X devices. We strive to reveal the truth in data in order to create a safer world. The company’s flagship product, BlackLight, has been adopted worldwide by many digital forensics examiners as a primary analysis tool. Mobilyze, BlackBag’s groundbreaking mobile device triage tool, empowers virtually all law enforcement personnel, with or without specialized experience, to capably triage and report on data from smartphones.
To learn more about BlackBag’s software and training, please contact us at 855-844-8890, or visit us at blackbagtech.com.