BlackLight 2016 R1 – The Examiner’s Windows, Mac, iPhone and Android Solution

by

BlackLight 2016 R1 represents much more than new features and bug fixes. Our vision for BlackLight has always been a cost-effective forensic solution for law enforcement that just works.

A solution that:
– Analyzes 90% of your caseload (Windows, Mac, iPhone and Android)
– Does not require a $6,000 workstation to run
– Does not require a month of expensive training to learn or a computer science degree to use
– Gets you immediate, actionable results (not processing for days or weeks)We recognize budgets are beyond tight. We understand that mandatory rotations happen, moving out experienced examiners and requiring new examiners to come up to speed immediately. We also know that BlackLight will have limitations and won’t be perfect – no software is. It’s why we have an awesome Forensic Analyst and Instructor team (analyst@blackbagtech.com) with years of forensic experience and strong technical backgrounds to offer free training and free support (support@blackbagtech.com) in the field. They are one call away for any questions or challenges. For all you BlackLight customers, we think you will appreciate the new features described below. If you are sick and tired of the status quo, we hope you will give BlackLight a try as your primary tool.

New in 2016 R1:

Windows Memory Analysis: While memory forensics is not yet mainstream, we think it will be soon, and the memory technology we have built is incredibly fast. It’s literally 2-3,000 times faster than traditional open-source forensic tools, giving examiners results in seconds, not minutes or hours. It analyzes raw dumps, hiberfil.sys (Hibernation file, from Vista or 7), pagefile.sys, and crash dumps (full, from Vista or 7). For these Windows memory files, BlackLight performs file carving and bulk extraction content searches (for numerous items such as URLs, addresses, phone numbers, etc.). There’s also a new ‘Memory’ subview dedicated specifically to memory file artifacts (processes, libraries, sockets, handles, and drivers). By the way, we know you Mac purists want Mac memory, and that’s also in the works. This is the very first release of our memory technology with much more to come.

Volume Shadow Copies: BlackLight now parses Volume Shadow Copies (VSCs) for Windows volumes, and it allows examiners to analyze them in a novel, intuitive way. BlackLight does not merely show files with VSCs and mount them for viewing. Versatile search and filtering options for the VSCs are included, so examiners can effectively explore this invaluable data, much of which the user may have believed was deleted. BlackLight examiners have the ability to view each VSC’s contents separately, or together in a comparative view with variants from other VSCs and the active volume.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Parsing of Valuable Log Files: On the Mac side, BlackLight now parses file system events from the .fseventsd folders. Although these system events may be deleted by the system over a short period of time, their usefulness cannot be overstated. Every volume that can be written to by the HFS+ file system will contain this .fseventsd data, even a FAT32 flash drive that was connected to a Mac. As of 2016 R1, BlackLight also has the ability to parse $LogFile (disk activity) and $USNJRNL (change journal) files for Windows volumes. These log files can shed light on disk activity, potentially giving the examiner a much clearer picture of the events that have taken place on the Windows volume. There’s no longer a need to use additional tools or scripts to parse these log files – BlackLight allows for analysis of the contents within the native application.

Custom SQLite Queries: SQLite databases are becoming more and more common on both Windows and Mac platforms. BlackLight now allows for queries to be run on SQLite databases. This new feature is especially useful for analyzing SQLite database content that is not already parsed and displayed in specific BlackLight views.

Tons of Bug Fixes and Improvements: including location data for OS X 10.9 and 10.10; more parsing of social media communications data (e.g., Swarm, Tango); and the ability for Windows examiners to map a BlackLight case to any chosen volume letter, thus avoiding the Windows file path character limit and improving performance.

In a nutshell, we’ve added significant new functionality to BlackLight over the past several years (Windows, Android, and now memory features) with much more lined up for 2016. This is a big release for us, and we hope you agree that BlackLight has truly emerged as a primary analysis tool across all major platforms. This is the start of a lot of great things to come, and we look forward to your feedback as always!

REQUEST A FULLY-FUNCTIONAL TRIAL COPY TODAY!

Carpe Datum,
The BlackBag Team

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements, format, timeline for certification, and Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing. Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics. Show Notes: Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/ Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/ Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/ File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/ Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/ Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/ LEVA 2023 Training Symposium - https://www.leva.org/ Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/ Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program Amped Software YouTube - https://www.youtube.com/ampedsoftware How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five

Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements, format, timeline for certification, and Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing.

Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics.

Show Notes:

Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/

Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/

Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/

File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/

Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/

Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/

LEVA 2023 Training Symposium - https://www.leva.org/

Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/

Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification

Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program

Amped Software YouTube - https://www.youtube.com/ampedsoftware
How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_VKk-mhlae1c

Becoming An Amped FIVE Certified Examiner (AFCE)

Forensic Focus 1st December 2023 4:25 pm

Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/ Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud. The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data. The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media. 00:00 – Introduction to Ailsa and Brittany 03:00 – The challenge of vast amounts of data 05:50 – Recovering data from Chromebooks 08:50 – Triaging using ADF tools 12:30 – Benefits of using ADF Solutions’ tools 15:50 – Limitations in types of apps 17:20 – Keeping up with technological advancements 19:15 – ADF customer base 21:00 - Artificial intelligence in classifying images 30:00 – ADF Solutions’ triaging kit 37:00 – Training with ADF 40:00 – Target user 44:50 – Roadmap of future devices to examine 51:30 – Main focus for ADF Solutions going forwards Show Notes: AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727

Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/

Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud.

The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data.

The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media.

00:00 – Introduction to Ailsa and Brittany
03:00 – The challenge of vast amounts of data
05:50 – Recovering data from Chromebooks
08:50 – Triaging using ADF tools
12:30 – Benefits of using ADF Solutions’ tools
15:50 – Limitations in types of apps
17:20 – Keeping up with technological advancements
19:15 – ADF customer base
21:00 - Artificial intelligence in classifying images
30:00 – ADF Solutions’ triaging kit
37:00 – Training with ADF
40:00 – Target user
44:50 – Roadmap of future devices to examine
51:30 – Main focus for ADF Solutions going forwards

Show Notes:
AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_4z-EgH54KZk

The Power Of Digital Forensics: How ADF Solutions Is Revolutionizing The Digital Forensics Industry

Forensic Focus 30th November 2023 2:57 pm

Si and Desi talk to Gavin Prue and Selim Kang about their non-traditional paths into cybersecurity careers. They share their diverse educational backgrounds, from vocational college courses to returning to school later in life, and the hands-on training that helped prepare them for incident response roles. Gavin and Selim provide advice for aspiring cybersecurity professionals on the importance of networking, asking questions, having a positive attitude, and being willing to put in extra time learning new skills. They discuss the value of university degrees versus certifications, the pros and cons of accredited cybersecurity programs, and the need for continued education in this rapidly evolving field. Whether starting from scratch or changing careers, their stories demonstrate that resilience and motivation can overcome lack of formal qualifications.

Si and Desi talk to Gavin Prue and Selim Kang about their non-traditional paths into cybersecurity careers. They share their diverse educational backgrounds, from vocational college courses to returning to school later in life, and the hands-on training that helped prepare them for incident response roles.

Gavin and Selim provide advice for aspiring cybersecurity professionals on the importance of networking, asking questions, having a positive attitude, and being willing to put in extra time learning new skills. They discuss the value of university degrees versus certifications, the pros and cons of accredited cybersecurity programs, and the need for continued education in this rapidly evolving field. Whether starting from scratch or changing careers, their stories demonstrate that resilience and motivation can overcome lack of formal qualifications.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_eFAnfQtuRI8

Hacking Your Future: Education Choices For A Cybersecurity Career

Forensic Focus 29th November 2023 2:43 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Detego Global Achieves City & Guilds Assured Status For The Detego Ultimate Training Programme
News

Detego Global Achieves City & Guilds Assured Status For The Detego Ultimate Training Programme

ByDetego Digital ForensicsDec 5, 2023
Experience The Power Of Binalyze AIR, Live At Black Hat Europe
News

Experience The Power Of Binalyze AIR, Live At Black Hat Europe

ByBinalyzeDec 4, 2023
The Power Of Digital Forensics: How ADF Solutions Is Revolutionizing The Digital Forensics Industry
Podcast

The Power Of Digital Forensics: How ADF Solutions Is Revolutionizing The Digital Forensics Industry

ByForensic FocusNov 30, 2023
Digital Forensics Round-Up, November 30 2023
News

Digital Forensics Round-Up, November 30 2023

ByForensic FocusNov 30, 2023
Turning The Tide Against Wildlife Crime With Detego Global’s Cutting-Edge Digital Forensics Tools
News

Turning The Tide Against Wildlife Crime With Detego Global’s Cutting-Edge Digital Forensics Tools

ByDetego Digital ForensicsNov 30, 2023
Hacking Your Future: Education Choices For A Cybersecurity Career
Podcast

Hacking Your Future: Education Choices For A Cybersecurity Career

ByForensic FocusNov 29, 2023