BELKASOFT X V.1.13

Belkasoft Evidence Center X (Belkasoft X) is Belkasoft’s flagship product for digital forensics, cyber incident response and eDiscovery.

Major updates for v.1.13:

• Nested archives review and analysis
• Seamless integration of Tableau TX1
• checkm8-based acquisition of iOS 15.* (including devices running the newest iOS 15.5)
• New iOS acquisition method: iOS screen capturer
• BTRFS file system support including snapshots analysis
• Advanced filters for improved eDiscovery productivity
• UTC to local time recalculation
• Extended Android APK downgrade method
• In-depth support for iOS’ Photos.sqlite analysis
• New and updated artifacts for mobile and computer sources (including new versions of WhatsApp, Facebook, Snapchat, Mega, Evernote, ICQ, Gmail, Kate Mobile, Twitter and other apps)

New features details

• Nested archives review and analysis. With the new functionality, Belkasoft X will help you to analyze data inside archives, automatically located inside your data sources. Once the ZIP, TAR, 7z, RAR, etc. file has been identified, Belkasoft X will unpack its contents and automatically analyze them for the set of 1500+ artifacts supported in Belkasoft X. Nested archives (i.e. archives inside archives) are also supported and analyzed.
• Tableau integration. Belkasoft X v.1.13 streamlines investigations for Tableau TX1 devices owners. Now you can acquire images, automatically add them to your Belkasoft X case and analyze acquired elements with just a few clicks—all without operating Tableau! All you have to do is perform a one-time set up of your TX1 options, including your user and shared folder.
• Major iOS acquisition update. Industry-first support for checkm8-based acquisition on iOS 15.5 devices and iOS screen capturer (a new acquisition method, previously only available for Android devices).

• BTRFS support. BTRFS is a file system for Linux, which is gaining traction and of specific interest and importance for a DFIR investigator or eDiscovery specialist. BTRFS support also includes snapshot analysis.
• Advanced filters. Further improvements to the advanced filter capabilities in the Belkasoft File System window. Utilize any number of simple criteria, join them using AND or OR conjunctions, use NOT clauses and named filters, and combine these capabilities to build even more complex filters for improved eDiscovery productivity.
• UTC to local time recalculation. The Belkasoft X File System window and Artifacts display UTC time columns and their local time equivalent calculated based on the case timezone and data source timezone settings. These times are recalculated upon timezone changes, whether it is the entire case timezone or a single data source timezone. For all recalculated times, a hint is shown to emphasize that this time is not original, and an explanation of which timezone was used to obtain the displayed local time.
• Android APK downgrade method is extended. Additional applications are supported: Badoo, Likee, Pinterest, QQ, SHAREit, Sina Weibo, Via Browser, Yandex Browser, and Zoom.
• iOS Photos.sqlite analysis supported. Analysis of Photos.sqlite allows to track origins of photos on an iOS device, including camera (front/rear) or third-party application, time of creation, whether it was modified on the device or not, whether it was deleted or stored as a favorite.

New and Updated Artifacts

Updated User interface

• Email viewer added
• Created date is shown for volume shadow copy snapshots
• Export to Evidence Reader can now be done from the Artifacts window (Structure pane)
• Improvements for color blind users, including hints on bookmark color categories

Issues fixed

• Fixed: iCloud Notes acquisition restored
• Fixed: Office 365 acquisition restored
• Fixed: ‘Go to original item’ from search results to bookmarks
• Fixed: Reports in VICS 1.3 and 2.0 formats
• Fixed: Re-attaching of nested data sources in the File System window
• Fixed: Conversion to IP v.4 and Unix time is lost for Type Converter of HexViewer