BlackLight™ was developed by leading Mac and iOS forensic analysts as a comprehensive forensic software tool to help investigators conduct digital forensic investigations on Mac OS X computers, iPhones and iPads. BlackLight™ is designed with both novice and advanced users in mind, and offers a clean interface featuring easy navigation and powerful advanced options.
The BlackLight™ graphical user interface (GUI) was specifically designed to give forensic examiners both robust capabilities, and an intuitive and elegant user experience throughout all phases of a digital forensic investigation.
Built for Mac and Windows
Runs on Mac OS X Leopard (10.5.8) and higher or Windows XP (SP3) and higher.
Multi-Version Operating System Analysis
Analyze Mac OS 10.0.x - Mac OS 10.7.x (Lion) systems, iOS 1.x - iOS 5.x devices and iPhone (Edge) - iPhone 4S devices, iPad and iPad2 devices, and all four generations of the iPod Touch.
Cross-platform Forensic Image Support
Import .dmg / 001, EnCase® (EWF-E01) and SMART (EWF-S01) image files.
Multi-format iPhone & iPad Forensic Image Support
Import MPE+, ElcomSoft toolkit, Jonathan Zdziarski's Method, Cellebrite, and iXAM™ iPhone and iPad image files.
Device Acquisition and Data Analysis
Automated file hashing, known file analysis and file signature analysis during OS X, iPhone & iPad device acquisitions.
iPhone and iPad File and Application Analysis
Comprehensive SMS, Voicemail, Notes, Call History Maps, Calendar and Contacts file analysis, and both Apple and third party application identification and analysis.
iPhone and iPad SQLite Database Recovery
Recover deleted SMS, Facebook, Voicemail, Call History, Calendar and Contacts SQLite database records.
Physical and Logical Forensic Image Analysis
Quickly identify and analyze data in both unallocated (deleted) and allocated (active) space.
Organize tagged evidence files using drag-and-drop. Include custom logo/branding materials. Preview reports and export to a standardized .docx format.
Tag and export responsive files while preserving important metadata.
Details, Details, Details
View file system, block sector count, total file count, etc. for each imaged device and partition(s).
File Metadata and Extended File Attributes
View file size, path, creation, modification and last access dates, EXIF, hash values and more. When available (HFS+), view fork count, physical/logical sectors and clusters for each file and folder.
Known File Hash Database (KFH)
Identify known Mac OS X (10.0.0 through 10.7.2) file types. Distinguish between known system files and potential evidence files
Automatically identify and display all pictures. "Mask" sensitive contraband media. Sort using numerous sorting options including sort by skin tone percentage. View pictures in Hex, String and Native formats.
Filter known system files and unknown file types. Filter files by kind, extension, size, and created or modified dates.
Advanced Search Features
Search across multiple volumes and devices simultaneously. Search by keywords while including or ignoring specific file extensions. Easily search regular expressions such as Mac address, IP address, Email address, URL, phone numbers and postal Code via a customizable drop-down menu.
Internet History Analysis
Full support for Safari, FireFox and Chrome browsers. View visited URLs and URL names stored by the web browser. View bookmarked websites, and dates, times, and Cookie contents (text strings and URLs.)
Full support for iChat and Adium chat formats. Display active chat files with text content, dates, names and file sizes.
Traverse the Mac Mail application directory structure for each user, display all mail account names and associated email addresses pertaining to specific email messages and content.
Pause... Then Start Again
Built in pause and crash recovery features. Pause work on a case, or restart in case of a system crash. BlackLight automatically picks up where the digital forensic investigator left off.