Analyze All 4 Major Platforms in 1 Tool

Quickly Acquire a Snapshot of the User’s Device

The BlackLight Details view provides a visual display of configurations and usage for each device in your case file, including:

  • Device type, OS version, serial number, UDID, and IMEI
  • Artifact summary statistics for documents, emails, movies, calls, voicemail, and more
  • Device user account information and common Internet account information for applications such as Twitter and iCloud
  • Recent usage history, including dialed phone numbers (with associated contact information), last running applications, and most recent web-based location searches


Easily Uncover User Actions

BlackLight’s innovative Actionable Intel view allows examiners to view various data points that can be attributed to a user’s actions. Traces of potentially important user activity from many disparate locations are collected and organized for practical, efficient examination. Elements include:

  • Recently executed files and programs, drawn from the Windows Registry, link files, jumplists, Prefetch and Superfetch
  • Device connection data for all devices previously connected to the system, including USB device connection dates/times and the associated user account
  • iOS device backups
  • Recent file downloads
  • Trash (for Mac OS X volumes) and Recycle Bin (for Windows volumes)
  • Current and deleted user account info

User Actions

Efficiently Sift Through Large Data Sets

BlackLight’s signature File Filter view includes examiner-defined filter options to quickly pinpoint relevant data within large data sets. Filter criteria include:

  • File name, kind, size, or extension
  • Date created, modified, or accessed
  • Picture metadata attributes, including GPS coordinates and camera (iOS device) type
  • Positive and negative hash set filtering

Examiners may apply any number of filters or inverse filters to quickly isolate important data from system files or base application files. BlackLight comes with several pre-set file filters, including those that filter by file type, file attribute, geolocation coordinates, and source device type.

File Filter

Find the Picture and Video Evidence You Need

BlackLight’s Media view has built-in support for all commonly used picture and video file types, and it includes several helpful and examiner-oriented analysis features, such as:

  • Built-in GPS Mapping:
    • All media files containing GPS data will be identified with a placemark badge
    • Examiners can view media geolocation data on a Mercator map (offline) or using Google Maps (online) directly from the built-in GPS view
  • Proprietary Skin Tone Analysis Algorithm:
    • Sort picture and video files by the skin tone percentage contained in the file
  • Video Frame Analysis:
    • BlackLight initially displays video files as 4×4 frame sequences, allowing examiners to quickly triage multiple video files in order to locate potential evidence.

Find Pictures

Recover Every Message from the Most Common Sources

The Communication view in BlackLight allows examiners to see a full log of calls, voicemail, social media activity, and more. Most importantly, examiners can view messaging threads in list view or in their native format, with support for data from:

  • Text Services
    • SMS/MMS
    • iMessage
    • iChat
  • Messaging Apps
    • Skype
    • Kik
    • TextPlus
    • TextFree
  • Social Media
    • Facebook
    • Twitter
    • LinkedIn
    • Foursquare


Customize Your Report

BlackLight is designed to make reporting incredibly flexible. Examiners may export large data sets in an easily readable format, and can export reports in a variety of formats to enable easy information sharing with all interested third parties. With BlackLight’s Report view, you can:

  • Easily tag evidence and include any and all relevant metadata in the examiner report
  • Export your report in your choice of formats, including
    • .pdf
    • .html
    • .docx
    • .txt
  • Export eDiscovery data to a generic Concordance load file that is compatible with all major review platforms
  • Mask (blur) sensitive data contained within examiner reports that may be shared with non-authorized third parties