BlackBag Technologies is proud to announce the first and only solution to produce a decrypted physical image of Apple’s latest Mac systems utilizing the T2 chip.

San Jose, CA – March 11, 2019 –  Current logical imaging solutions, including functionality available in the previous version of BlackBag’s own Digital Collector tool, and competing solutions like Sumuri Recon and EnCase, miss critical file system information that only this new level of physical access will be able to provide. This vital imaging functionality will be available in the upcoming Digital Collector 2019 R1 release and the output will be seamlessly ingested for analysis by Inspector 2019 R1.

All Mac computers, starting in late 2017, rely on Apple’s T2 security chip to provide hardware-assisted encryption for data stored on the system. Apple’s T2 encryption methodology is unique to each Mac, and critical data can only be decrypted using the keys stored in that systems T2 chip. Although currently it is infeasible to extract the encryption keys from the T2 chip, BlackBag has built the only solution that works with the chip to decrypt the filesystem at collection time, enabling examiners to capture the entire physical blocks that hold vital information and not just logical files. In addition, unlike other products that need admin credentials just to obtain logical data, BlackBag can do this without the user’s credentials or a recovery key (credentials are only required if the additional security of FileVault protection is also enabled on the system).

“I am excited customers can rely on BlackBag to provide leading solutions to handle the ever-changing complexities introduced by encryption, especially for Mac. Last year we were the first to provide a complete solution for Apple’s APFS, and now we are again first to update our tools to fully support the latest hardware from Apple,” said Derrick Donnelly, BlackBag’s Chief Scientist and founder.

With the upcoming release of Digital Collector 2019 R1 and Inspector 2019 R1, investigators will be able to gather all the data exactly as it is stored on file system, not just what is gathered by completing a logical acquisition through other tools. Dr. Joe Sylve, BlackBag’s Director of Research further explains, “These physical images will include file system level artifacts, like APFS Snapshots and extended attributes, that can show details unavailable to investigators since this new hardware has been introduced.”

As Microsoft and Apple continue to update their systems, BlackBag will continue to provide investigators the tools they need to reveal the truth in both Windows and Mac OS.

About BlackBag Technologies, a Cellebrite company
Cellebrite is the global leader of Digital Intelligence solutions for law enforcement, government and enterprise organizations. Cellebrite delivers an extensive suite of innovative software solutions, analytic tools, and training designed to accelerate digital investigations and address the growing complexity of handling crime and security challenges in the digital era. Trusted by thousands of leading agencies and companies in more than 150 countries, Cellebrite is helping fulfill the joint mission of creating a safer world. To learn more visit us at or follow us on Twitter @Cellebrite_UFED