BlackLight
ANALYZE ALL 4 MAJOR PLATFORMS IN 1 TOOL
Mac OS X – Windows – iPhone / iPad – Android
BlackLight is a multi-platform forensic analysis tool that allows examiners to quickly and intuitively analyze digital forensic media. BlackLight is capable of analyzing data from Mac OS X computers, iOS devices (iPhone, iPad, iPod Touch) and Windows computers. It is compatible with all leading logical and physical forensic image formats.
Examiners may use BlackLight as a time-saving data triage tool, or as an advanced forensic examination tool depending on the circumstance. To learn more, please view the quick feature videos below.

Quickly Acquire a Snapshot of the User’s Device
The BlackLight Details view provides a visual display of configurations and usage for each device in your case file, including:
- Device type, OS version, serial number, UDID, and IMEI
- Artifact summary statistics for documents, emails, movies, calls, voicemail, and more
- Device user account information and common Internet account information for applications such as Twitter and iCloud.
- Recent usage history, including dialed phone numbers (with associated contact information), last running applications, and most recent web-based location searches.
Easily Uncover User Actions
BlackLight’s innovative Actionable Intel view allows examiners to view various data points that can be attributed to a user’s actions. Traces of potentially important user activity from many disparate locations are collected and organized for practical, efficient examination.
Elements include:
- Recently executed files and programs, drawn from the Windows Registry, link files, jumplists, Prefetch and Superfetch.
- Device connection data for all devices previously connected to the system, including USB device connection dates/times and the associated user account.
- iOS device backups.
- Recent file downloads.
- Trash (for Mac OS X volumes) and Recycle Bin (for Windows volumes)
- Current and deleted user account info.


Efficiently Sift Through Large Data Sets
BlackLight’s signature File Filter view includes examiner-defined filter options to quickly pinpoint relevant data within large data sets. Filter criteria include:
- File name, kind, size, or extension
- Date created, modified, or accessed
- Picture metadata attributes, including GPS coordinates and camera (iOS device) type
- Positive and negative hash set filtering
Examiners may apply any number of filters or inverse filters to quickly isolate important data from system files or base application files. BlackLight comes with several pre-set file filters, including those that filter by file type, file attribute, geolocation coordinates, and source device type.
Find the Picture and Video Evidence You Need
BlackLight’s Media view has built-in support for all commonly used picture and video file types, and it includes several helpful and examiner-oriented analysis features, such as:
Built-in GPS Mapping:
- All media files containing GPS data will be identified with a placemark badge
- Examiners can view media geolocation data on a Mercator map (offline) or using Google Maps (online) directly from the built-in GPS view.
Proprietary Skin Tone Analysis Algorithm:
- Sort picture and video files by the skin tone percentage contained in the file.
Video Frame Analysis:
- BlackLight initially displays video files as 4×4 frame sequences, allowing examiners to quickly triage multiple video files in order to locate potential evidence.

Recover Every Message from the Most Common Sources
The Communication view in BlackLight allows examiners to see a full log of calls, voicemail, social media activity, and more. Most importantly, examiners can view messaging threads in list view or in their native format, with support for data from:
Text Services
- SMS/MMS
- iMessage
- iChat
Messaging Apps
- Skype
- Kik
- TextPlus
- TextFree
Social Media
- Foursquare

Customize Your Report
BlackLight is designed to make reporting incredibly flexible. Examiners may export large data sets in an easily readable format, and can export reports in a variety of formats to enable easy information sharing with all interested third parties. With BlackLight’s Report view, you can:
- Easily tag evidence and include any and all relevant metadata in the examiner report
- Export your report in your choice of formats, including .pdf, .html, .docx, and .txt
- Export eDiscovery data to a generic Concordance load file that is compatible with all major review platforms
- Mask (blur) sensitive data contained within examiner reports that may be shared with non-authorized third parties