Belkasoft Evidence Center
Belkasoft Evidence Center makes it easy for an investigator to acquire, search, analyze, store and share digital evidence found inside computer and mobile devices. The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps. Evidence Center will automatically analyze the data source and lay out the most forensically important artifacts for the investigator to review, examine more closely or add to the report.
Features
- Mobile and Computer device examination: Supporting all major desktop and mobile operating systems, Belkasoft Evidence Center is suitable for mobile and computer forensics. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED images, JTAG and chip-off dumps.
- Smart and Comprehensive Analysis: The product looks everywhere on the device completely automatically and can successfully identify over 700 types of digital artifacts. The convenient Evidence Search feature helps to narrow down the findings using filters, pre-defined search, or other options.
- Powerful Carving: Data carving makes it possible to locate evidence that was deleted, destroyed, or never stored on the hard drive at all (page file, hibernation file, RAM contents). In addition, an advanced carving mode called BelkaCarving™ is available, making it possible to reconstruct fragmented chunks into contiguous pieces of information that would otherwise not be accessible at all.
- Native SQLite Parsing: Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Processes freelists, write-ahead logs and journal files, and SQLite unallocated space.
- Live RAM Analysis: Evidence Center can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more. Belkasoft Live RAM Capturer is a powerful tool for creating memory dumps, and it is complimentary.
- Handy Built-in Tools: PList, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than automatic search was able to discover.
- Low-level Investigations: Equipped with File System Explorer, Hex Viewer, and Type Converter, Belkasoft Evidence Center will allow you to perform deep examination of the contents of files and folders on the device.
- Extendable with BelkaScript: A free scripting module allows users to write their own custom scripts in order to automate some of the routine work and further extend the product’s functionality.
Benefits
- It’s Comprehensive: Belkasoft Evidence Center can find and analyze over 700 types of the most forensically important artifacts from all major computer and mobile operating systems. The tool supports analysis of hard drives and drive images, virtual machines, memory dumps, mobile device backups, UFED images, JTAG and chip-off dumps.
- It Saves Your Time & Effort: Unlike many other forensic products, Belkasoft Evidence Center does not require your constant presence and attention. Most of the routine is automated, allowing multi-tasking and freeing up some of your valuable time.
- It’s Powerful.The product finds, analyzes, and lays out to you on a platter about 90-95% of the data from the device being examined completely automatically, but it does not stop there. You can use one of product’s powerful analytical features for low-level examinations: SQLite Viewer, Hex Viewer, Registry Viewer – to locate hard-to-access, damaged, and deleted information.
- It’s Forensically Sound.Evidence Center is designed to meet the demands of forensic experts and investigators. Workflow is simple and quick, and results are easy to convert into a report. Reports are adjustable, comprehensive, and most importantly, absolutely valid to present in a court as proven by years of experience of our users. One of the real life examples was a big case of child abuse in Croatia solved using Belkasoft Evidence Center.
- It’s Flexible.The product has different licensing options to answers any of your needs. For individual users, the most affordable fixed license is available. For use in a small or medium-size company, you can buy a floating license that comes with a USB dongle, which allows to run Evidence Center on multiple PC’s; whereas portable version is perfectly suited for work in the field, as it runs from a USB drive and requires no installation.
Technical Specifications
Belkasoft Evidence Center runs on any Windows OS, from Windows XP to Windows 10, both 32- and 64-bit versions.
Data sources supported
Computer
- Operating systems: Windows (all versions, including Windows 10), Mac OS X, Unix-based systems (Linux, FreeBSD, etc.)
- Storage devices: hard drives and removable media
- Disk images: EnCase, L01/Lx01, FTK, DD, SMART, X-Ways, Atola, DMG
- Virtual machines: VMware, Virtual PC, VirtualBox, XenServer
- Memory: RAM dumps, Hibernation files, Page files
- File systems: FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4, YAFFS, YAFFS2
Mobile
- Operating systems: iOS (iPhone/iPad), Android, Windows Phone 8/8.1, Blackberry
- Data sources: Mobile backups, UFED dumps, chip-off dumps, JTAG dumps
Artifacts that can be extracted and analyzed
Pictures and videos
- Supported picture formats: 3FR, ARW, BAY, BMP, BMQ, CAP, CINE, CR2, CRW, CS1, CUT, DC2, DCR, DDS, DIB, DNG, DRF, DSC, EMF, ERF, EXIF, EXR, FAX, FFF, G3, GIF, HDR, IA, ICO, IFF, IIQ, J2K, JFIF, JNG, JP2, JPE, JPEG, JPG, K25, KC2, KDC, KOA, LBM, MDC, MEF, MNG, MOS, MRV, NEF, NRW, ORF, PBM, PCD, PCX, PEF, PFM, PGM, PICT, PNG, PNM, PPM, PSD, PTX, PXN, QTK, RAF, RAS, RAW, RDC, RLE, RPBM, RPGM, RPPM, RW2, RWZ, SGI, SR2, SRF, STI, TGA, TIF, TIFF, WBMP, WMF, XBM, XPM
- Picture analysis allows detection of texts, faces, and skin tone. Detection of photo manipulation (forgery) is available with the Forgery Detection plugin (extra module)
- The following formats can be carved: GIF, JPEG/JPG, PNG, BMP, WMF
- Supported video formats: 3GP, 3G2, AVI, FLV, IFO, MP4, MKV, MPEG, MPG, TS, WMV, MOV
- Key frame analysis available for 3GP, 3G2, AVI, MP4, MPEG, MPG, WMV, MOV videos
Email Clients
- Outlook 2013, 2010, 2007 and older, Outlook Express
- Apple Mail
- Gmail
- Hotmail
- Yahoo Mail
- Windows Live Mail
- Mozilla Thunderbird
- The Bat
- MIME emails
Browsers
- Edge
- Google Chrome
- Internet Explorer
- Mozilla Firefox
- Opera
- Safari