Belkasoft Evidence Center 2017

All-in-one forensic solution for locating, extracting, and analyzing digital evidence stored inside computers and mobile devices
Trusted by the police around the globe
Used by thousands of forensic experts and police departments from more than 70 countries worldwide

Evidence Center 2017 Features

  • Fully automated acquisition, extraction and analysis of 700+ types of evidence
  • Destroyed and hidden evidence recovery via data carving
  • Live RAM analysis
  • Cloud data downloading and analysis
  • Advanced low-level expertise
  • Concise and adjustable reports, accepted by courts

A Walk-Through of Belkasoft Evidence Center 2017

Types of evidence supported by Evidence Center 2017

  • Office documents
  • Email clients
  • Pictures and videos
  • Mobile application data
  • Web browser histories, cookies, cache, passwords, etc.
  • Chats and instant messenger histories
  • Social networks and cloud services
  • System files, including jumplists, thumbnails and event logs
  • Encrypted files and volumes
  • Registry files
  • SQLite databases
  • Peer-to-peer software
  • Plist files
  • Geolocation data
  • Payment systems

Evidence Center works with the following data sources and file systems

  • Storage devices – Hard drives and removable media
  • Disk images – EnCase (including Ex01), L01/Lx01, FTK, DD, Smart, X-Ways, Atola, DMG
  • Mobile devices – Mobile backups, UFED dumps, chip-off and JTAG dumps
  • Virtual machines – VMware, Virtual PC, VirtualBox, XenServer
  • Volatile memory – Live RAM dumps; fragmented memory set analysis with BelkaCarving™
  • Memory files – Hibernation file and Page file
  • Unallocated space – Data carving discovers destroyed evidence
  • Network traffic – PCAP files
  • File systems – FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4, YAFFS, YAFFS2

Types of analysis performed by Evidence Center 2017

  • Existing files search and analysis. Low-level investigation using Hex Viewer
  • Data carving and destroyed evidence recovery
  • Live RAM analysis including process extraction and data visualization
  • Cloud data analysis (iCloud, Google Drive, Google Plus)
  • In-depth Volume Shadow Copy support
  • Hibernation file (hiberfil.sys) and page file (pagefile.sys) analysis
  • Native SQLite analysis with freelist and WAL support
  • Discovers deleted SQLite records, e.g. Skype conversations or WhatsApp messages
  • Picture analysis including EXIF and GPS analysis, face/text/pornography/forgery detection
  • Video key frame extraction
  • Analysis of social communications with Social Graph Builder module
  • Encryption detection
  • Special files and folders analysis (e.g. Volume Shadow Copy, $OrphanFiles, $MFT etc.)
  • Hashset analysis
  • Flexible analysis with BelkaScript, free scripting module
  • Advanced search and data filtering, more than 20 types of predefined search (card and telephone numbers, names, suspicious words, etc.)

Evidence Center helps investigate the following systems

  • Windows (all versions, including Windows 10)
  • Mac OS X
  • Unix-based systems (Linux, FreeBSD, etc.)
  • iOS: iPhone, iPad
  • Android
  • Windows Phone 8/8.1
  • BlackBerry