Belkasoft Evidence Center is an all-in-one forensic solution for locating, extracting, and analyzing digital evidence stored inside computers and mobile devices.
What's New in v8.0
What’s New in Version 8.0
Version 8.0 of the world’s leading digital forensic tool Belkasoft Evidence Center offers new acquisition capabilities, social communication graph analysis, in-depth Volume Shadow Copy support and a pack of new apps and formats.
Upgrading to version 8.0 is free of charge to all customers with non-expired Extended Software Maintenance and Support contracts. File System module can be purchased separately.
Major new functions of the product
New acquisition module. In v.8.0 of BEC the product allows you to acquire a hard or removable drive, make a logical image of Android or Apple device (including iOS 10), download iCloud and Google cloud and add all these types of acquired images to the BEC case for further analysis
New free acquisition tool – Belkasoft Acquisition Tool (or BelkaImager)
Analysis of social communications with Social Graph Builder module. New Connection Graph window visualizes entities and contacts, finds communities, shows communications for a selected link and so on
In-depth Volume Shadow Copy support. The new version of BEC can analyze even volumes with a massive amount of snapshots. You can select one or multiple snapshots to analyze. File System Explorer allows to browse snapshots’ directory structure and review files belonging to a selected snapshot, in Hex Viewer window
Alpha version of x64 build of BEC (Available for EAP users only)
As usual, each new BEC version comes with hundreds of new or updated artifact formats. See below for more detailed information.
Mobile App Support
Android Facebook extraction improved
ooVoo, Tinder iOS analysis updated
New apps: Uber for iOS, Pokemon Go iOS, Pokemon Go for Android
BEC can now analyze encrypted iTunes backup without a password and get installed applications
Property page for iOS and Android backups shows more information on devices
Item lists improved: Any metadata property can be shown as a column in Picture List, Document List and other lists
All thumbnails are now shown in a single profile (previous version shown every thumbnail file as a separate profile)
Better visualization of geolocation data on Google Maps using clustering
“Reset to default view” menu added which returns BEC windows back to default
When you click inside Case Explorer, File System Explorer or Connection Graph, corresponding item list is shown at the right
A number of tested passwords is now shown in the ongoing decryption task status
Filters updated, new convenient filters added
SQLite journal analysis improved, what made analysis of all SQLite-based artifacts quicker and more robust
Jabber support updated
Extraction of Skype message attachments made much quicker
System File Support
Windows 10 jumplists analysis updated
Network connection extraction supported for iOS and Android
Visualization of values in Registry Viewer fixed
Added support of last plug/unplug date for USB devices
Top Sites extraction supported
Web sessions extraction supported
Google Analytics extraction supported
Browser’s Tab extraction supported
OLE attachments supported for Outlook
Analysis of Gmail Offline updated
Proper visualization of negative values in SQLite Viewer
Incorrect selection inside found item fixed
Export of Skype chatsync to XML and text fixed
Face detection fixed
Missed carved URLs in Overview fixed
Missed Cache tab in Item Properties fixed for browser links having cached data
Origin property added for some artifacts where was missing in previous version
$FreeSpace carving fixed
A number of hashset analysis issues fixed
About 300 other issues fixed
Belkasoft Evidence Center makes it easy for an investigator to search, analyze, store and share digital evidence found inside computer and mobile devices. The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps. Evidence Center will automatically analyze the data source and lay out the most forensically important artifacts for investigator to review, examine more closely or add to report.
Discovers more than 700 types of artifacts, including over 100 mobile applications, all major document formats, browsers, email clients, dozens of picture and video formats, instant messengers, social networks, system and registry files, P2P and file transfer tools, etc. Extracts data from all major operating systems, both computer and mobile: Windows, Linux, MacOS X, iOS, Android, Windows Phone, Blackberry.
Less missed evidence
Looks for hidden and encrypted information, searches in unusual places, carves deleted and damaged data and examines files in little-known formats to discover more evidence than ever. The search includes unallocated and slack space, $MFT, $Log, Volume Shadow Copy and other special and little known areas of operating systems.
Blazing fast operation
The product allows you to perform evidence search faster than most tools as it does not index every single file found on the data source, instead searching for the most forensically significant types of artifacts. Efficient usage of СPU adds to speediness of processing, as does the code written by our team of highly qualified specialists in data analysis.
Belkasoft Evidence Center offers the broadest set of tools and features for its price compared to other forensic software. All major analytical capabilities are present even in the most affordable versions of the product. Upgrades to your license can be purchased separately with no extra charges.
Flexible licensing. Usable in the field
The most affordable license is designed to run just on one computer. Floating license is the definition of “value for money” – one license that comes with a USB dongle and allows to run the product on multiple machines. Portable edition can be plugged into any PC, laptop or desktop, with no installation or configuration required.
What are the advantages of using Belkasoft Evidence Center?
Belkasoft Evidence Center can find and analyze over 700 types of the most forensically important artifacts from all major computer and mobile operating systems. The tool supports analysis of hard drives and drive images, virtual machines, memory dumps, mobile device backups, UFED images, JTAG and chip-off dumps.
It Saves Your Time & Effort.
Unlike many other forensic products, Belkasoft Evidence Center does not require your constant presence and attention. Most of the routine is automated, allowing multi-tasking and freeing up some of your valuable time.
The product finds, analyzes, and lays out to you on a platter about 90-95% of the data from the device being examined completely automatically, but it does not stop there. You can use one of product’s powerful analytical features for low-level examinations: SQLite Viewer, Hex Viewer, Registry Viewer – to locate hard-to-access, damaged, and deleted information.
It’s Forensically Sound.
Evidence Center is designed to meet the demands of forensic experts and investigators. Workflow is simple and quick, and results are easy to convert into a report. Reports are adjustable, comprehensive, and most importantly, absolutely valid to present in a court as proven by years of experience of our users. One of the real life examples was a big case of child abuse in Croatia solved using Belkasoft Evidence Center.
The product has different licensing options to answers any of your needs. For individual users, the most affordable fixed license is available. For use in a small or medium-size company, you can buy a floating license that comes with a USB dongle, which allows to run Evidence Center on multiple PC’s; whereas portable version is perfectly suited for work in the field, as it runs from a USB drive and requires no installation.
What are the feature of Belkasoft Evidence Center?
Mobile and Computer device examination.
Supporting all major desktop and mobile operating systems, Belkasoft Evidence Center is suitable for mobile and computer forensics. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED images, JTAG and chip-off dumps.
Smart and Comprehensive Analysis.
The product looks everywhere on the device completely automatically and can successfully identify over 700 types of digital artifacts. Convenient Evidence Search feature helps to narrow down the findings using filters, pre-defined search, or other options.
Data carving allows to locate evidence that was deleted, destroyed, or never stored on the hard drive at all (page file, hibernation file, RAM contents). Besides, advanced carving mode called BelkaCarving™ is available, making it possible to reconstruct fragmented chunks into contiguous pieces of information that would otherwise not be accessible at all.
Native SQLite Parsing.
Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Prosesses freelists, write-ahead logs and journal files, and SQLite unallocated space.
Live RAM Analysis.
Evidence Center can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more. Belkasoft Live RAM Capturer is a powerful tool for creating memory dumps, and it is complimentary.
Handy Built-in Tools.
PList, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than automatic search was able to discover.
Equipped with File System Explorer, Hex Viewer, and Type Converter, Belkasoft Evidence Center will allow you to perform deep examination of the contents of files and folders on the device.
Extendable with BelkaScript.
Free scripting module allows user to write their own custom scripts in order to automate some of the routine and further extend the product’s functionality.
Belkasoft Evidence Center runs on any Windows OS, starting Windows XP to Windows 10, both 32- and 64-bit versions.
The following types of data sources are supported:
Operating systems: Windows (all versions, including Windows 10), Mac OS X, Unix-based systems (Linux, FreeBSD, etc.)
Storage devices: hard drives and removable media
Disk images: EnCase, L01/Lx01, FTK, DD, SMART, X-Ways, Atola, DMG
SIMPLE – Belkasoft Evidence Center is designed to be easy to use with its straighforward and convenient interface. Most of the routine is automated, and commands can be given using compact toolbar or context menu. No special training is required in order to be able to work with the product, and our support specialists will be glad to help if you face any issues.
FAST – The tool skips indexing every single file and folder in the file system, instead searching specifically for the most significant types of digital evidence that forensic investigators most often look for. Advanced algorythms allow for fast and comprehensive evidence search and analysis, helping to speed up the investigation and save your time.
POWERFUL – Belkasoft Evidence Center can analyze mobile and computer devices, device back-ups and disk images, virtual machines, and memory dumps. The product identifies and analyzes hundreds of artifact types completely automatically, while it is also equipped with a variety of analytical tools that help to ensure wholeness and high quality of investigation process.
FAIR PRICE – Compared to other similar tools on the market, Evidence Center offers the most for its price. Besides, knowing how challenging it can be to receive funding, we use very flexible pricing scheme where customers can choose the combination of features that fits the budget.
For one user on one computer.
Part No: AP-BEL-ECFXL
Comes with a USB dongle. This licensing option allows to run Belkasoft Evidence Center on multiple machines. We recommend to select this option if there will be more than one user to work with the product, or if a single user needs to run Evidence Center on different computers.