Belkasoft
What specific advantages does Belkasoft Evidence Centre offer compared to other forensics tools?
Comprehensive data acquisition:
It supports the collection and analysis of data from multiple sources, including computers, mobile devices, RAM and cloud services, enabling a holistic investigation.
User friendliness:
The intuitive user interface enables investigators to work quickly and efficiently without extensive training.
Speed and efficiency:
Multicore processors are used optimally to maximise the speed of analysis. This significantly accelerates the processing of large amounts of data.
Advanced analysis functions:
Belkasoft offers powerful analytical tools such as timelines, connection diagrams and comprehensive data recovery (data carving) to find even deleted or hidden evidence.
Flexibility and adaptability:
The software is available in different editions tailored to different needs, from small investigators to large law enforcement agencies.
What special features does Belkasoft Evidence Center offer for analysing mobile devices?
Comprehensive acquisition:
The software supports the capture of data from iOS and Android devices, including the use of agent-based methods, jailbreaks and standard ADB backups. This enables a complete file system copy and access to important data.
Checkm8-based recording:
This function allows data to be extracted from iPhones, even if they are locked, without having to perform a jailbreak.
Live RAM analysis:
Belkasoft can extract volatile data such as chats and browsing history, which is crucial for reconstructing user activity.
Advanced analysis tools:
The software offers functions for analysing messenger data, social media and other mobile artefacts, as well as native SQLite database recovery.
How does Belkasoft Evidence Centre support the work of investigators recovering data from encrypted devices?
Access to encrypted data:
The software enables access to devices that are secured with full disk encryption (e.g. APFS, BitLocker) and extracts data even from locked iPhones using checkm8 technology without jailbreak.
Comprehensive data acquisition:
Belkasoft can collect data from multiple sources, including mobile devices and cloud services, allowing for complete analysis.
Live RAM analysis:
This feature extracts volatile data such as chats and browsing history that may not have been saved, which is crucial for reconstructing user activity.
What experiences have other companies had with Belkasoft Evidence Centre?
User friendliness:
Many users appreciate the intuitive user interface and the simple installation, which enables them to get started with the software quickly. The ability to seamlessly integrate multiple data sources is also emphasised.
Efficiency and speed:
The software optimises the analysis process by quickly identifying forensically relevant artefacts. Users report a high speed when processing large amounts of data without system failures.
Extensive functions:
Belkasoft Evidence Centre supports a variety of data sources and formats, including mobile devices and cloud data. The ability to analyse live RAM and recover deleted data is considered particularly valuable.
Flexibility:
The software is customisable and offers different editions tailored to different needs, making it attractive for law enforcement agencies as well as private investigators.
Belkasoft Evidence Centre enables IT forensic analysis of various devices and platforms, including:
Computer:
Windows (all versions), macOS, Unix-based systems (Linux, FreeBSD)
Mobile devices:
iOS (iPhone/iPad), Android, Windows Phone 8/8.1, Blackberry
Hard drives and removable media:
Support for DD and E01 formats with hash calculation
Virtual machines:
VMWare, Virtual PC/Hyper-V, VirtualBox
Storage media:
RAM dumps, hibernation files, page files
Cloud services:
Data from various cloud platforms
Belkasoft Triage (Belkasoft T)
- Rapid analysis: Designed for rapid triage of live computers, it allows investigators to quickly identify and partially image critical data.
- Automated RAM dump capture: Captures volatile data that could otherwise be lost.
- Recognition of artefacts: Identifies over 1500 types of digital artefacts, including emails and chats.
- Portability: Can be started from a USB stick without installation on the target device.
Belkasoft Network (Belkasoft N)
- Network analysis: Specially developed for analysing network data, provides tools for examining network traffic and protocols.
- Malware detection: Supports the identification and analysis of malware activities in the network.
Belkasoft Remote (Belkasoft R)
- Remote access: Allows investigators to access remote systems to collect and analyse data, which is particularly useful in security incidents.
- Real-time analysis: Provides the ability to analyse data in real time and take immediate action.
Malware and hacker attacks
Belkasoft Evidence Centre supports the investigation of malware and hacker attacks:
- Detection of suspicious activities: Analyses system logs and artefacts for signs of compromise.
- Cross-case search: Enables connections between different cases to be recognised in order to identify patterns or recurring threats.
- Live RAM analysis: Extracts volatile data to analyse current attacks or malware activities.