BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Youtube Video
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Youtube Video

New YouTube videos detected.

  • Webinar: Implications of iOS 10 on Mobile Forensics
    Apple users were quick to update their devices to iOS 10. In fact, they were quicker to update than with any previous release. Within one month, two-thirds of iOS devices were updated. This webinar will cover changes, problems, fixes, and techniques to forensically analyzing devices running iOS 10. It will also explain the effect of encrypted backup passwords on analysis. Join Bruce Hunter, our Fo...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Youtube Video

New YouTube videos detected.

BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • MacQuisition. The best just got better.
    A powerful, 3-in-1 solution for live data acquisition, targeted data collection, and forensic imaging.     Proven forensic imaging software for Mac OS X BlackBag Technologies is very excited to announce the release of MacQuisition 2017. MacQuisition continues to be the leading and most advanced forensic imaging software for Mac OS X and macOS. With the 2017 release, the best just got better. Uniq...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • MacQuisition 2017 Coming Soon!
    Image all Intel® based Macs including the MacBook Pro with Touch Bar Mid-2017 iMac hardware support Ability to image APFS drives And much more BlackBag Technologies is very excited to announce the release of MacQuisition™ 2017 is coming soon. MacQuisition™ continues to be the leading and most advanced forensic imaging software for Mac OS X and macOS. With the 2017 release coming soon, the best g...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Youtube Video

New YouTube videos detected.

  • Aquire, reveal, and preserve the truth with Mobilyze
    With over 4 billion smart devices on the planet, mobile digital data is now part of every investigation. Gaining immediate access to this forensic evidence is critical. Mobilyze allows investigators to acquire, view and preserve the data held on any iOS or Android device.
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Master File Table Basics
    This is the final blog post in our Windows Essential Forensic blog series! Arguably the most essential file in the NTFS file system is the Master File Table.  This database contains a comprehensive listing of all files and folders on the NTFS volume. For examiners, knowledge of how the Master File Table (MFT) works is essential to properly understand how their forensic tools display and recover da...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Youtube Video

New YouTube videos detected.

BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Windows Registry Demystified - Part Two
    In our last blog we laid the foundations of what the Registry is, and how it is structured.  In this blog we are going to expand on those concepts and start looking at some Registry to see how tools parse out and display this data. BlackLight Automatic Display Of Registry Items BlackLight parses out many Registry artifacts and displays the results in various areas. Figure 1: BlackLight showing au...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Windows Registry Demystified - Part One
    The Windows Registry is a centralized hierarchical database that contains both system and user information and settings for Windows computers.  These settings can be anything from a user’s desktop background to the time zone setting for the computer. To some, examining the Registry is a daunting task making even the most experienced examiners shake with despair.  But it really does not need to be ...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Mobilyze 2017 R1 is Now Available!
    We are pleased to announce the release of the latest version of our mobile device triage tool, Mobilyze 2017 R1. Upgrade to the latest version, or renew your license. Not using Mobilyze yet? Request a free fully functional trial. New features added to this version of Mobilyze are designed to enhance the overall Mobilyze user experience and increase the capabilities of Mobilyze to analyze the lates...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • BlackBag Forensic Training Leads to Arrest in Jordan
    Last November, we partnered with UNICEF to provide computer forensic training to the Jordanian Police Family Protection Department. Two of our forensic analysts flew to Jordan  to provide the training, as well as train them on our comprehensive analysis software, BlackLight. We were thrilled to learn that this training provided them with the tools necessary to arrest a suspected child pornography ...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Mac RAM Imaging and Analysis
    Right on the heals of our Windows RAM blog, we bring you one on Mac RAM analysis. Collecting and analyzing RAM on a Mac is, not surprisingly, different than it is on a Windows machine.  Tools like MacQuisition can assist examiners in acquiring RAM from Mac computers. Some Differences On a Windows machine running a live memory capture is normally fairly easy; as long as the user has logged in is an...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Why Windows RAM Should Be Part of Triage
    Analyzing the contents of RAM has been a hot button topic for some time now.  It makes sense in a lot of ways, after all RAM is a block of storage, so why not image it. There is little doubt that RAM can contain an innumerable amount of important information, but how does imaging RAM fit into your process when you are collecting data at the scene? Collecting RAM vs Triage Tools Triage tools by the...
  • Windows Forensic Essentials Blog Series
    Looking for a better understanding of Windows forensics? We kicked off 2017 with a new blog series. Subscribe to our blog to be notified of the next post in the series! Windows 10 Jump List Forensics: When Microsoft released Windows 7, a new artifact was released to the forensic world, Jump Lists.  Since that time most examiners have become used to examining this artifact and reporting on the resu...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Analyzing USB Entries in Windows 7
    With the proliferation of cheap external USB devices, it is becoming incumbent on examiners to determine if any USB attached storage has connected to the computer. The cases are varied, corporate, civil, or criminal.  Regardless, knowing that an external USB attached storage device has been connected to the computer; and more importantly who connected the device, can have a huge impact on your exa...
  • Forensic Examination of the 2016 MacBook Pro
    In October 2016 Apple released the new 2016 MacBook Pro models.  While a lot has been made of the fact that Apple only included USB-C (Thunderbolt 3) type ports, not much has been said about some of the other features of this computer.  Some of these features can have an adverse affect on forensic examinations. In this blog we are going to discuss some of the new features of the 2016 MacBook Pro a...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • An Overview: Windows Volume Shadow Copies
    Next up in our Windows Forensic Essentials Blog Series is a look at Volume Shadow Copies. Looking for other blog posts in this series? We have great information on Event Logs, and the Windows 10 Recycle Bin and Jump Lists. Despite being around since the halcyon days of Windows Vista, there is still a lot of questions surrounding the Volume Shadow Copy Service.  Further some confusion has been expr...
BlackBag Technologies, Inc.
BlackBag Technologies, Inc.
Blog Article

New blog articles detected.

  • Leveraging Windows Event Logs in Examinations
    Welcome to the third post in our Windows Forensic Essentials Blog Series. View our previous posts on Jump Lists and the Recycle Bin. Windows Event Logs can potentially be used by an examiner to show what a user has done on a computer.  They can be used to assist in answering the question “could this happen?” Let's look at how Event Logs can assist examiner’s in their case analysis. What are Event ...
  • MacBook Target Disk Mode
    When Apple released the new MacBook in 2015, only one USB-C port was included.  Learn how to image a MacBook with a single USB-C port here. Since then Apple has released their latest MacBook Pro models with 4 USB-C (Thunderbolt 3) ports. Coinciding with the release of the MacBook Pro, Apple dropped the price of adapters needed to connect these computers to external devices using standard USB, or T...
  • Examining the Windows 10 Recycle Bin
    This is the second post in our Windows Forensic Essentials Blog Series. Read our first post on Jump Lists. One of the most overlooked artifacts on a Windows computer is the Recycle Bin. The Recycle Bin has been with the Windows operating system since Windows 95 (although a similar function was available in MS-DOS 6).  Naturally over time it has evolved to its current implementation. Throughout it...
  • Recent Items in MacOS Sierra
    Knowing specifically what a user has viewed on their computer is part of what an examiner does.  Determining whether or not a user has opened a file, points to “knowledge” of the existence of the file.  Knowledge is an essential element when attempting to prove possession. Operating systems track usage on computers in different ways.  Forensic examiners try to leverage usage artifacts to determine...
  • Windows 10 Jump List Forensics
    When Microsoft released Windows 7, a new artifact was released to the forensic world, Jump Lists.  Since that time most examiners have become used to examining this artifact and reporting on the results. Jump Lists are potentially a valuable source of evidence that can point directly to a user’s interactions with the computer. Jump Lists In Windows 10 Jump Lists provide users a graphical indicatio...
  • BlackLight 2016 R3.1 is Now Available!
    We are excited to announce the release of BlackLight’s newest update, 2016R3.1. This release features many fixes and improvements, including iOS 10.2 encryption support and an updated EWMounter. Update your software or renew your license! iOS 10.2 With Apple’s release of iOS 10.2 came a drastic increase in the encryption of its iTunes backups.  Following that change, BlackBag has improved BlackLig...
  • Configuring a BlackLight Case for Optimal Performance
    How and where the BlackLight case is stored has a direct effect on performance.  Even the fastest workstation will benefit from this simple concept of how to set up your BlackLight case file:  store the case and evidence files on different data buses! Here’s why.  At its heart, the BlackLight case is a database.  While the case is open, data is being written to and read from the case file (databas...
  • Forensic Certification Courses Scheduled for 2017
    Essential Forensic Techniques I and II are now open for registration for 2017. Sign up now to reserve your spot! ESSENTIAL FORENSIC TECHNIQUES I (EFT I) SAN JOSE, CA - FEB 6, 2017 STAFFORD, UK - FEB 20, 2017 LARGO, FL - MAY 1, 2017 ESSENTIAL FORENSIC TECHNIQUES II (EFT II) SAN JOSE, CA - FEB 13, 2017 STAFFORD, UK - FEB 27, 2017 LARGO, FL - MAY 8, 2017 Each course is one week long taught by industr...
  • Blacklight 2016 R3 is Now Available!
    Watch the New Features Demo We are pleased to announce the third major release of BlackLight for 2016.  This comprehensive Windows, Android, iPhone/iPad and Mac forensic analysis software just keeps getting better. Update your software now! BlackLight 2016 R3 implements several new features and improvements, including the following: Windows 8 and 10 hiberfil.sys and Raw Memory Parsing, Searchin...
  • BlackBag’s CoreStorage Workshop Receives Highest Ranking
    In September 2016, we sponsored & attended DataExpert’s annual Digital Experience conference. The event provided knowledge, tools, and networking in the fields of Digital Forensics, Crime Analysis, Cybercrime, Incident Response and/or Data Intelligence and Analysis. DataExpert strives to provide a high standard conference by providing the latest technologies and tools, but also pertinent informati...

Out-Market Your Competitors?

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account Log in

By signing up, you agree to the Terms of Service and Privacy Policy.

Out-Market Your Competitors

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account

Already a user?  Log in

By signing up, you agree to the Terms of Service and Privacy Policy.