BELKASOFT EVIDENCE CENTER X

Reliable end-to-end solution to accelerate digital forensic and incident response investigations

Are you interested in this product?

1300 55 33 24

contact@cdfs.com.au

Quote Request

Belkasoft Evidence Center X

Easy to use

Belkasoft Evidence Center X works out of the box and can be easily integrated into customer workflows. The software interface is so user-friendly that you can start working with your cases right after the Belkasoft X deployment.

 

Comprehensive investigations

Belkasoft Evidence Center X acquires, examines, analyzes, and presents digital evidence from major sources—computers, mobile devices, RAM and cloud services—in a forensically sound manner. If you need to share the case details with your colleagues, use a free-of-charge portable Evidence Reader.

Quick and smart

While performing search tasks for evidence, Belkasoft Evidence Center X uses approaches that enable it to find the most forensically significant artifacts quickly instead of wasting time on redundant operations.
Powerful analytical features such as a connection graph, a timeline and advanced picture and video analysis help you to uncover facts rapidly.

Save your time and efforts

Belkasoft X automates search tasks, and thus the product can run unattended, you can multitask and complete an investigation at a quick pace.

Tailored to your needs

You can select a product edition that suits your workflow, whether you are an expert in a digital forensic laboratory of a federal law enforcement agency or in a digital forensic and incident response consulting company, an investigator in a local or state police department, or a private practitioner.
Thanks to the flexible price structure you will find the product edition which perfectly fits your needs and budget.

Time-proven

Belkasoft Evidence Center X is based on the successful Belkasoft Evidence Center and encompasses many years of experience, a large amount of user feedback, and expert suggestions from numerous investigators from both a law enforcement and corporate world.

 

ACQUIRE

 

Mobile and Computer Acquisition

 

The product allows you to acquire data from a computer, a laptop or a mobile device. Hard and removable drives are acquired into DD and E01 formats with optional hash calculation and verification. For mobile devices running iOS Belkasoft X acquires iTunes backup and full file system copy with keychain by means of agent-based and checkm8-based methods or when a device is jailbroken; for Android devices there are multiple approaches to data acquisition: standard ADB or agent-based backup, Qualcomm and MTK-specific dumps, physical and logical backup for rooted devices, APK downgrade and other methods.

  • E01/DD imaging
  • Jailbreak support
  • checkm8
  • Agent-based acquisition

EXAMINE

 

Mobile and Computer Device Examination

 

Supporting all major desktop and mobile operating systems, Belkasoft Evidence Center X is suitable for mobile and computer forensics. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED and GrayKey images, JTAG and chip-off dumps.

  • Chat apps
  • Browsers
  • Mailboxes
  • Documents
  • Pictures & videos
  • Audio
  • System files
  • Mobile apps
  • Payment apps
  • Online games
  • Clouds
  • P2P

 

REVIEW & ANALYZE

 

Smart and Comprehensive Analysis

 

The product looks everywhere on the device completely automatically and can successfully identify thousands types of digital artifacts. Convenient Evidence Search feature helps to narrow down the findings using filters, pre-defined search, or other options.

  • File System Explorer
  • Artifacts viewer
  • SQLite viewer
  • Registry viewer
  • Plist viewer
  • Hash set analysis
  • Advanced picture and video analysis
  • WDE and file decryption
  • Timeline
  • Connection graph
  • Cross-case analysis
  • Incident investigations

 

Native SQLite parsing

 

Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Processes write-ahead logs, journal files, and SQLite unallocated space.

 

Live RAM analysis

 

Belksoft Evidence Center X can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more. Belkasoft Live RAM Capturer is a powerful tool for creating memory dumps, and it is complimentary.

 

Handy built-in tools

 

PList, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than automatic search was able to discover.

 

Low-level investigations

 

Through its File System window, Hex Viewer, and Type Converter tools, Belkasoft Evidence Center X allows you to perform deep examinations into the contents of files and folders from devices. With its customizable File and Data carving functions, you get to recover deleted and hidden artifacts and perform memory process analysis to view alive and dead processes in memory dumps. You can also use its hash algorithms to run searches against hash sets (NSRL and ProjectVic formats included).

 

REPORT

 

Customizable reports in multiple formats

 

Reports in numerous formats such as text, HTML, XML, CSV, PDF, RTF, Excel, Word, EML, KML.

 

Free portable case viewer

 

Free Evidence Reader allows sharing your findings with your colleagues with or without Belkasoft Evidence Center X installed.

 

Belkasoft Evidence Center X allows data extraction from multiple sources:

 

COMPUTER

 

  • Operating systems: Windows (all versions, including Windows 10), macOS, Unix-based systems (Linux, FreeBSD, etc.)
  • Storage devices: hard drives and removable media
  • Disk images: EnCase, FTK, X-Ways, AFF4, L01/Lx01, DD, SMART, Atola, DAR, DMG, archive files (such as tar, zip and others)
  • Virtual machines: VMWare, Virtual PC/Hyper-V, VirtualBox, XenServer
  • Memory: RAM dumps, hibernation files, page files
  • File systems: APFS, FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4
  • Acquisition: Available to DD or E01 images with optional hash calculation and verification

MOBILE

 

  • Operating systems: iOS (iPhone/iPad), Android, Windows Phone 8/8.1, Blackberry
  • Data sources: Mobile backups, UFED and OFB images, GrayKey, chip-off dumps, TWRP images, JTAG dumps, Blackberry IPD and BBB backups, Android physical and logical dumps, Xiaomi MIUI backups, Huawei HiSuite backups
  • File systems: APFS, HFS+, F2FS, YAFFS, YAFFS2, ext2, ext3, ext4
  • Acquisition
    • iOS: iTunes, agent-based, checkm8-based, lockdown file support, AFC, jailbroken devices support, crash logs
    • Android: ADB backup, advanced ADB backup, agent backup, rooted devices support, PTP/MTP, EDL for Qualcomm, MediaTek, APK downgrade, agent-based MTK acquisition, Spreadtrum acquisition, automated screen capture

CLOUD

 

  • Google Clouds: Google Drive, Google Sync, Google Keep, GMail, Google Timeline, Google MyActivity
  • iCloud
  • Email: Yahoo, Hotmail, Opera, Yandex, Mac.com and 25 more webmail clouds
  • Instagram
  • WhatsApp: backups downloading and QR code-based chat downloading
  • Carbonite

 

Belkasoft Evidence Center X runs on any Windows OS, starting Windows 7 SP1 (64-bit versions).