What Is BlackBox?

BlackBox is a remote forensic data collection tool that addresses one of the latest trends in eDiscovery. Traditional data collections performed by certified technicians can be expensive and time-consuming. In addition, precious time is lost arranging for travel and getting to the location to complete the collection. BlackBox eliminates the wasted time and travel while maintaining defensible and secure forensic collection standards by providing a customizable, secure solution that can be quickly deployed.

BlackBox is customizable to fit the specific needs of a typical eDiscovery case. Capture the whole disk or selected ESI (electronically stored information) file types based on a date range or relevant groupings such as business documents, e-mails, pictures or video. BlackBox also allows you to exclude certain file types that aren’t important to the collection, like system files.

BlackBox collections are triggered by the data custodian clicking start. Once BlackBox is “programmed” with the collection parameters, the data custodian cannot change the configuration. After the custodian hits “Start” the data collected is automatically encrypted, and an audit log is generated that contains the step-by-step actions performed by BlackBox during the collection.

BlackBox makes rapid deployment to anywhere in the world possible. Since BlackBox is licensed online, all that is required is an internet connection. BlackBox Partners can choose to license and configure a hard drive they have on hand or they can license and configure a hard drive remotely through the website.

BlackBox is sold exclusively through a network of professional authorized Partners. Digital forensics and/or litigation support firms can sign up to become BlackBox Partners.

How Does BlackBox Work?

As we discussed in our last post, BlackBox is a remote forensic data collection tool. BlackBox collections are securely configured by the legal team and then triggered by the data custodian on-site. This post will provide a more in-depth look at how the collection process works using BlackBox.

Decide what to Collect
A BlackBox license is purchased from an authorized Partner for each device to be collected. BlackBox runs on any NTFS-formatted external storage drive using Microsoft Windows® operating systems. After purchase, the BlackBox license is ready for configuration. During configuration you decide what you are going to collect. You can capture the whole disk or selected ESI file types based on a date range or relevant groupings such as business documents, e-mails, pictures or video. BlackBox’s simple interface, shown below, allows the flexibility to create a collection customized to your needs.


Provide the BlackBox-enabled storage device to the data custodian. The custodian plugs the drive into their machine, and hits the Start button.



Don’t Worry
The captured data is automatically encrypted, and an audit log is generated. Once the collection is complete, BlackBox generates a chain of custody pre-filled with specifications of the device collected. All that is left for the custodian to do is sign the chain of custody and return it along with BlackBox to the legal team for review.



Is Remote Collection Defensible?

Remote data collection tools allow legal teams to maintain control over the collections without requiring them to be physically present for the collection. Despite the many advantages of employing remote collection tools, some remain skeptical about the overall defensibility of remote collection. As with any new technology, people want to know why they should place their trust in a new way of doing things. This post will outline three key features of remote collection tools that ensure defensibility.

1. Encrypted Collection Settings
After the legal team determines the collection parameters required for the matter at hand, the configuration of the data to be collected is locked down by encryption. Encrypting the collection settings prevents the custodian from changing what the legal team wishes to collect. In summary, this feature ensures that the custodian cannot tamper with the collection settings determined by the legal team, allowing the legal team to maintain control.


2. Audit Logs
Audit logs document EVERY action performed by the custodian from the beginning of the remote collection to the end, including any errors during the collection. In addition, the audit log includes the information about the system being used to perform the collection, including the user logged into the system that triggered the collection as well as the make, model and serial number of the hard disk. Tamper-resistant methods, utilizing hashing algorithms and encryption, detect efforts to manipulate the data after the collection is completed.
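
As an added illustration (not BlackBox's own implementation, which these posts do not describe), one common way to make an audit log tamper-evident is to chain each entry to the previous one with a keyed hash and record the final value separately. The key handling, field names and sample values below are assumptions made for the example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64          # chain anchor for the first entry
FIELDS = ("seq", "action", "detail")

def _mac(key, prev_mac, record):
    # MAC covers the previous entry's MAC, so entries cannot be edited,
    # reordered or removed from the middle without breaking the chain.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()

def append_entry(log, key, action, detail):
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "action": action, "detail": detail}
    log.append({**record, "mac": _mac(key, prev, record)})

def seal(log):
    # Final MAC; recorded separately (e.g. on the chain-of-custody form)
    # so that dropping entries from the end is also detectable.
    return log[-1]["mac"] if log else GENESIS

def verify_log(log, key, expected_seal):
    """Return -1 if intact, the index of the first bad entry, or
    len(log) if the entries chain correctly but the seal does not match."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: entry.get(k) for k in FIELDS}
        good = _mac(key, prev, record)
        if entry.get("seq") != i or not hmac.compare_digest(str(entry.get("mac")), good):
            return i
        prev = good
    return -1 if hmac.compare_digest(prev, expected_seal) else len(log)

def build_sample_log(key):
    # Constructed sample entries; field names and values are illustrative only.
    log = []
    append_entry(log, key, "system_info", {"user": "jdoe", "disk_make": "ExampleCo",
                 "disk_model": "EX-500", "disk_serial": "SN-CONSTRUCTED-001"})
    append_entry(log, key, "collection_started", {"scope": "business documents"})
    append_entry(log, key, "file_collected", {"path": "C:/Users/jdoe/report.docx"})
    append_entry(log, key, "error", {"path": "C:/Users/jdoe/locked.pst", "reason": "in use"})
    append_entry(log, key, "collection_completed", {"files": 1, "errors": 1})
    return log
```

The check only holds if the verifier's key and the recorded seal are kept where the custodian cannot rewrite them; a plain unkeyed hash chain stored alongside the log could simply be recomputed after an edit.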



3. Encryption of Data Collected
Once the remote collection is complete, the resulting data collected is protected from interception by ne’er-do-wells thanks to strong encryption. Encrypting the collection ensures that it arrives safely back to the legal team without risk of tampering en route.

By far, the primary factor that boosts the confidence of legal teams that utilize this new technology is that the process is documented and controlled by them rather than the custodian. All of these features ensure a simple, cost-effective and defensible ESI collection process that the legal team can be confident will hold up in court. The three features outlined above, along with the chain of custody documentation, provide for the defensibility and admissibility of ESI collected by an on-site remote collection tool in court.

How is BlackBox different from other remote collection tools?

To recap the previous three posts in this series, we’ve learned that (1) BlackBox is a forensically sound remote data collection software tool (See Part 1: What is BlackBox?), (2) BlackBox collections are securely configured by the legal team and then triggered by the data custodian on-site (See Part 2: How Does BlackBox Work?), and (3) you can trust that BlackBox is completing a defensible collection because its tamper-resistant technologies rely on hashing algorithms, audit logs and encryption (See Part 3: Is Remote Collection Defensible?). Now, let’s talk about how and why BlackBox is different from (and better than) the other tools in this space.

BlackBox Is Thoughtful
BlackBox caters to the needs of every user likely to be involved in a data collection scenario, making the process user-friendly for all.

  • Legal Teams. BlackBox gives the attorneys control over what is collected. The attorneys also get the peace of mind that comes with knowing the data custodian onsite cannot alter the collection.
  • Digital Forensics/Electronic Discovery Vendors. Technicians are spared traveling to remote (read, scary) places. Industry-standard safeguards assure that the collection is defensible and verifiable. Technicians can stay productive completing analysis in the lab rather than traveling to a site and then waiting around for a collection to run.
  • Data Custodians. BlackBox makes their role painless. Data custodians simply plug BlackBox into their machine and hit Start. Once the collection is finished a Chain of Custody pre-filled with the collection specifics is generated. Custodians simply click the “Print Chain of Custody” button and sign it. Then they’re done.

BlackBox is not dependent on hardware
BlackBox software can be loaded onto any NTFS-formatted hard drive or storage device (such as a thumb drive). Since you can use BlackBox with basically any storage device, BlackBox is infinitely scalable to meet your data collection needs. Having the hardware required for a large-scale collection at a moment’s notice is no longer a concern.

Pricing is clear and upfront with BlackBox
There is no guessing what you’ll pay for a collection using BlackBox. BlackBox lists the cost of $249 per collection clearly on their website for all to see. The price remains the same regardless of the size of the hard drive being collected, whether it’s 250GB or 1TB. There are no minimum purchase requirements; buy only the number of licenses you need, as you need them.

BlackBox is a true global data collection solution
BlackBox allows hard drives to be remotely licensed, thus eliminating the delays and costs associated with initially shipping remote collection devices to the custodian.

“BlackBox provided a trouble-free process for me to get forensic images out of a third world country from the comfort of my office. I would not have been able to get these images without BlackBox.”
–Jerry Hatchett, aka ChopOMatic, Certified Computer Examiner, Red Forensic

Depending upon the needs of your case, a BlackBox hard drive can alternatively be licensed and configured by the legal team at their location and then shipped out to the data custodians.

BlackBox was designed to address the unique concerns and needs of each user during the data collection process, whether an attorney, technician, or data custodian. All the features of BlackBox add up to a data collection product that is greater than the sum of its parts.