In May, BlackBag announced the release of MacQuisition 2019 R1 as the first and only solution to produce a decrypted image of Mac systems utilizing the Apple T2 chip. MacQuisition 2019 R1 also includes several exciting updates to support the latest Mac systems you may encounter in the field.
What’s New and Improved:
- Ability to create physical decrypted images of Apple systems with T2 chips
- Support for imaging APFS Fusion drives
- Capture RAM and targeted collections live on Mojave
- Support added to boot newer hardware
Here are a few relevant details on the T2 chip. The Apple T2 Security Chip is the second-generation custom Mac silicon, which Apple claims brings industry-leading security to Mac. It features a Secure Enclave coprocessor, which provides the foundation for APFS encrypted storage, secure boot, and Touch ID on Mac. In addition to the security components, the T2 chip integrates several controllers found in other Mac systems—like the system management controller, image signal processor, audio controller, and SSD controller. A dedicated AES hardware engine included in the T2 chip powers line-speed encrypted storage with FileVault. FileVault provides data-at-rest protection for Mac. Secure boot ensures that the lowest levels of software aren’t tampered with and that only trusted operating system software loads at startup. On Mac computers with Touch ID and the T2 chip, the Secure Enclave also secures Touch ID. In addition, all Mac portables with the T2 chip have a hardware disconnect that ensures the microphone is disabled when the lid is closed.
In a busy month, BlackBag also announced its first release of the year for its BlackLight tool. Some of the powerful new features added to BlackLight 2019 are outlined below:
1 – Image Categorization
Image categorization reduces review time by revealing images and videos that may contain categories of interest. BlackLight now includes Image Analyzer’s latest technology for machine learning based image analysis. Image Analyzer is a proven solution with years of experience in categorizing images. With Image Analyzer technology built in, users can run image categorization across pictures and videos with no Internet connection.
For this release, BlackLight looks for the following categories:
All available threat categories run when using Image Categorization in BlackLight.
2 – Smart Indexing
Creating an index of text documents on a device allows an examiner to quickly find out whether a particular topic is mentioned within the evidence set. The process of creating an index has historically been time-consuming and resulted in bloated case sizes. However, new advancements around indexing allow BlackLight to provide users with a quick and efficient index. Once built, investigators can follow where the leads take them. Make fast sequential queries of the index for words without waiting for a traditional search of the drive contents.
For the initial release, BlackLight will provide index capabilities only for allocated files on the file system. These are the files most relevant and likely to be useful for prosecution. Data that BlackLight extracts from inside container files (such as internet, email, or archives) as a result of processing is not included, but more is promised to follow shortly.
3 – Export Files to Logical Evidence Files (.L01)
The EnCase® Logical Evidence File Format (L01) is widely supported by forensic and eDiscovery tools and preserves file content, metadata, and folder structure. BlackLight now allows you to create Logical Evidence Files directly as an export option by right-clicking and selecting the Export menu.
If you are interested in BlackBag Technologies’ MacQuisition 2019 R1, please do not hesitate to contact us.