The one-stop shop for cyber, info security and digital forensicsContact us 01296 621121 or email digitalforensics@avatu.co.uk

www.avatu.co.uk

One tool, one interface, all four major platforms

BlackLight is the first primary analysis tool capable of handling a vast majority of your digital forensic needs. BlackLight allows for easy searching, filtering and otherwise sifting through large data sets. It can logically acquire Android and iPhone devices, runs on Windows and Mac OS X, and can analyse data from all four major platforms.

I C O N S

Memory: Process hiberfil.sys (from Vista and 7), pagefile.sys, crash dumps (full, from Vista and 7) and live memory acquisitions (RAM) in secondsAdvanced registry analysis: Uniquely handles volume shadow copies, Windows log files ($LogFile and $USNJRNL), and registry artifacts (including customisable view of significant items, along with display of LNK files, jumplist, shellbag, prefetch and superfetch data)User-specific intelligence: User account information, recently opened documents and applications, recycle bin, USB device connection artifacts, automatic iOS backup detection, file filtering for all applications, event logs and failed print jobs

Unparalleled OS X recognition: Includes native recognition of core storage, FileVault 2 and fusion drives, plus disk view colour overlays to differentiate amongst various data typesRobust Mac analysis features: User-specific .plist files, .fseventsd log parsing, device connections (including automatic iOS backup detection), network information (including location data of OS X 10.9 and 10.10), users look and feel, last file ID, Safari webpage previews, trash contents and most recent documents, apps and servers

Device-specific information: Details view displays device type/OS, phone number, device usage overview and top contactsVersatile file filtering and analysis: Includes filters for user-created pictures, photos with EXIF information, GPS filter with KMZ export, and intuitive multi-device file hash comparison, as well as deleted SQLite recovery with custom tagging and reporting options

The Blacklight difference

®

The one-stop shop for cyber, info security and digital forensicsContact us 01296 621121 or email digitalforensics@avatu.co.uk

www.avatu.co.uk

Operating system, platforms, image format and hash value supportDisk Image Support: E01 (variants) / L01/ Raw (.dd) / DMG,VMDK /

.sparsebundle / .sparseimage / .img / .isoWindows Memory Image Support: Raw / hiberfil.sys (Vista and 7) / pagefile.sys / Crash

Dumps (Full) (Vista and 7)Third-Party iOS Image Support: MPE+ / Cellebrite / ElcomSoft / Lantern

Logically Aquires: Android / iOS devices (iPhone, iPad, iPod touch)

Hash Value Support: MD5 / SHA1 / SHA256 / PhotoDNA

Included Hash Sets: NSRL / Hashkeeper / Project VIC / Known OS X System Files (BlackBag Proprietary)

Comprehensive file type analysis

Archives: zip/ .sit/ .tar/ .gz/ .7z/ .rar/ .bz2

Databases: .db/ .sql/ .sqlite

Emails: .pst/ .ost/ general mbox/ .olk15Message/ .eml/ .emlx/.imapmbox

Graphics: .bmp/ .gif/ .jp2/ .jpg/ .jpeg/ .kdc/ .png/ .psd/ .tif/ .tiff/ .xbm

iWork: .numbers/ .pages/ .keynote

Movies: .3gp/ .avi/ .dv/ .flv/ .m4v/ .mov/ .mp4/ .mpeg/ .mpg/ .vob/ .wmv

Music: .mp3/ .aac/ .mpa/ .ogg/ .aiff/ .wav/ .wma/ .m4a

Documents: .doc/ .docx/ .xls/ .xlsx/ .ppt/ .pptx/ .pdf

Platform Unique: .plist/ .dat

Metadata field support Custom file filtering

Catalog Node IDSize on DiskExtensionContent ExtensionDate Created, Modified, Accessed, AddedAttribute Modification DateVisible LockedRoot File Created, Modified, Backup, AccessedFork CountExtended AttributesGeolocation

NamePathKindExtensionContent ExtensionExtension Matching File Tagged StateSizeDate Created, Modified, AccessedFile IDHash SetHash Set Category File HashList Duplicate FilesSuppress Duplicate FilesFile Entropy LockedResource ForkAlternate Data StreamVolume Shadow CopyVisibility Metadata Field Metadata Value Internal Filter