BlackLight 2016 R1 – The Examiner’s Windows, Mac, iPhone and Android Solution

BlackLight 2016 R1 represents much more than new features and bug fixes. Our vision for BlackLight has always been a cost-effective forensic solution for law enforcement that just works.

A solution that:
– Analyzes 90% of your caseload (Windows, Mac, iPhone and Android)
– Does not require a $6,000 workstation to run
– Does not require a month of expensive training to learn or a computer science degree to use
– Gets you immediate, actionable results (not processing for days or weeks)We recognize budgets are beyond tight. We understand that mandatory rotations happen, moving out experienced examiners and requiring new examiners to come up to speed immediately. We also know that BlackLight will have limitations and won’t be perfect – no software is. It’s why we have an awesome Forensic Analyst and Instructor team ([email protected]) with years of forensic experience and strong technical backgrounds to offer free training and free support ([email protected]) in the field. They are one call away for any questions or challenges. For all you BlackLight customers, we think you will appreciate the new features described below. If you are sick and tired of the status quo, we hope you will give BlackLight a try as your primary tool.

New in 2016 R1:

Windows Memory Analysis: While memory forensics is not yet mainstream, we think it will be soon, and the memory technology we have built is incredibly fast. It’s literally 2-3,000 times faster than traditional open-source forensic tools, giving examiners results in seconds, not minutes or hours. It analyzes raw dumps, hiberfil.sys (Hibernation file, from Vista or 7), pagefile.sys, and crash dumps (full, from Vista or 7). For these Windows memory files, BlackLight performs file carving and bulk extraction content searches (for numerous items such as URLs, addresses, phone numbers, etc.). There’s also a new ‘Memory’ subview dedicated specifically to memory file artifacts (processes, libraries, sockets, handles, and drivers). By the way, we know you Mac purists want Mac memory, and that’s also in the works. This is the very first release of our memory technology with much more to come.

Volume Shadow Copies: BlackLight now parses Volume Shadow Copies (VSCs) for Windows volumes, and it allows examiners to analyze them in a novel, intuitive way. BlackLight does not merely show files with VSCs and mount them for viewing. Versatile search and filtering options for the VSCs are included, so examiners can effectively explore this invaluable data, much of which the user may have believed was deleted. BlackLight examiners have the ability to view each VSC’s contents separately, or together in a comparative view with variants from other VSCs and the active volume.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Parsing of Valuable Log Files: On the Mac side, BlackLight now parses file system events from the .fseventsd folders. Although these system events may be deleted by the system over a short period of time, their usefulness cannot be overstated. Every volume that can be written to by the HFS+ file system will contain this .fseventsd data, even a FAT32 flash drive that was connected to a Mac. As of 2016 R1, BlackLight also has the ability to parse $LogFile (disk activity) and $USNJRNL (change journal) files for Windows volumes. These log files can shed light on disk activity, potentially giving the examiner a much clearer picture of the events that have taken place on the Windows volume. There’s no longer a need to use additional tools or scripts to parse these log files – BlackLight allows for analysis of the contents within the native application.

Custom SQLite Queries: SQLite databases are becoming more and more common on both Windows and Mac platforms. BlackLight now allows for queries to be run on SQLite databases. This new feature is especially useful for analyzing SQLite database content that is not already parsed and displayed in specific BlackLight views.

Tons of Bug Fixes and Improvements: including location data for OS X 10.9 and 10.10; more parsing of social media communications data (e.g., Swarm, Tango); and the ability for Windows examiners to map a BlackLight case to any chosen volume letter, thus avoiding the Windows file path character limit and improving performance.

In a nutshell, we’ve added significant new functionality to BlackLight over the past several years (Windows, Android, and now memory features) with much more lined up for 2016. This is a big release for us, and we hope you agree that BlackLight has truly emerged as a primary analysis tool across all major platforms. This is the start of a lot of great things to come, and we look forward to your feedback as always!

REQUEST A FULLY-FUNCTIONAL TRIAL COPY TODAY!

Carpe Datum,
The BlackBag Team

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...