BELKASOFT REMOTE ACQUISITION

Belkasoft
REMOTE ACQUISITION

 

Digital forensic and incident response tool developed specifically for remote extraction

 

Overview

 

Belkasoft Remote Acquisition (Belkasoft R) is a new tool developed specifically for remote extraction of hard and removable drives, RAM, connected mobile devices, and even specific types of data.

Belkasoft R will be useful in cases when an incident response analyst or a digital forensic investigator needs to gather evidence quickly and the devices in question are situated in geographically distributed locations.

 

EASY TO DEPLOY

You can setup agent deployment over your network with a few mouse clicks using various deployment methods such as GPO or WMI.

 

SUPPORT FOR VARIOUS OPERATING SYSTEMS

Select one or more endpoints and then select what evidence to acquire: whether you need a hard drive, volatile memory, mobile device or even specific types of data such as documents or pictures.

 

STRAIGHTFORWARD ACQUISITION

Search inside found artifacts, bookmark important data and generate comprehensive incident reports right after the analysis stage

 

MOBILE DEVICE SUPPORT

Collect both iOS and Android mobile devices, located in other geographical areas!

 

SUPPORT FOR VARIOUS NETWORK CONFIGURATIONS

Acquire endpoints from both local and global networks, including subnets behind routers, and access remote devices even on VPN.

 

QUICK PARTIAL ACQUISITION

In a hurry? Selective extraction of specific artifact types helps to save time by acquiring only necessary files.

 

MANAGE NETWORK BANDWIDTH WITH FLEXIBLE SCHEDULING

Belkasoft R allows you to specify acquisition time and upload time so that you can maintain your bandwidth load during working hours and schedule mass upload for the night time.

 

DO YOU HAVE A LARGE NETWORK?

Belkasoft R helps you to break-up your endpoints in multiple ways: by assigning them a name, group, location, and even a color, which can be used to manage various devices under your control. Easily edit or acquire endpoints from the same location or even by the same color!

 

Features

 

SUPPORTED ACQUISITION TYPES

  • Remote hard or removable disk drive
  • Selected artifacts from an endpoint
  • Remote mobile device connected to an endpoint
  • Endpoint’s RAM memory (Windows only)

 

DEPLOY AGENTS

  • Deploy agents with GPO (Group Policy Objects), if you are an administrator of a Windows domain
  • Use WMI (Windows Management Instrumentation)
  • Simply run an agent from a USB thumb drive or even a network share
  • Deploy agents onto Windows and macOS devices

 

SCHEDULE & ACQUIRE

  • Specify which endpoints to acquire. Simultaneous acquisition of multiple endpoints is supported
  • Choose whether to compress and hash data
  • Schedule when to start an acquisition and when to upload acquired data to a central location
  • Your data is secured with an SSL encryption

 

ANALYZE

  • Images created by Belkasoft R are compatible with Belkasoft X. Analyze them with Belkasoft’s flagship DFIR tool!
  • Investigate hacking and intrusions into Windows-based computers with the help of our Incident Investigations module
  • Get the most out of Belkasoft X with its powerful analytical features like Timeline, Connection Graph and Cross-Case Search

 

Tutorials

 

Customizing Belkasoft R

part 1

Customizing Belkasoft R

part 2

 

Customizing Belkasoft R

part 3

What is the difference between remote forensics and triage?

Related Posts

SuperWiper Desktop 12 NVMe ports PCIE4.0 Multiple NVMe SSD Data Erase Unit

April 8, 2024

SuperWiper 8” T4 SAS/SATA and USB3.2 Portable Data Erase Unit – Erase 13 Storage Devices

April 8, 2024

SuperWiper 8″ 4 SAS/SATA and 8 USB3.2 Ports Portable Economic Eraser Unit – Erase 12 Storage Devices

April 8, 2024