Blackthorn supports over 3500 different profiles of devices through logical and physical acquisitions, file imports, and decoding of flash memory images. Users can conduct full examinations of GPS devices and create customized reports by selecting specific data, adding maps, annotations, and comments. The reports can be saved in a variety of common formats. The analysis feature allows user to conduct advanced queries to uncover devices visiting the same locations, devices with activity within a certain distance of a specific location, and devices that have been in the same place at the same time.
Blackthorn supports Garmin, Magellan, TomTom, Furuno, Raymarine, SIMRad and Lowrance devices, just to name a few. For physical acquisitions, DD and E01 images are supported. Blackthorn can import files such as gdb, adm, gpx, cmap, usr, kml, csv, xls, xlxs, and txt. Users can also import DD and E01 image sets from other acquisition tools.
Examination / Reporting
Blackthorn has native data viewers such as hex, strings, XML, and SQLite. Data can be easily tagged and sent to the report builder. Geolocation data can be easily plotted and included in the report from online/offline maps such as Google, Bing, Yahoo, Open Street Maps, ArcGIS Topographical, Aviation Charts, NOAA Maritime Charts or Microsoft’s MapPoint. Users can make annotation on the maps that will be included in the report. Reports can be saved in html, xml, Microsoft Word, Microsoft Excel, or PDF formats. Any of the data acquired with Blackthorn can be exported from the application in csv, txt, xlsx, xml, kml, kmz, or gdb formats.
Analysis / Search
Built-in analytical reports identify activity by geolocation as well as correlations across cases or devices by identifying common locations and times. The search function includes key words, hash value, file type and geo location.
Blackthorn has a watch list feature, which provides users with immediate notifications when data being acquired matches a pre-defined trigger. Watch list items can be created based on locations, key words or GREP expressions. Users can maintain multiple watch lists for either specific cases or at a global level.