±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32595
New Yesterday: 5 Visitors: 136

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

10 Reasons To Use Belkasoft Evidence Center 2017

Tuesday, November 29, 2016 (15:05:11)

10 Reasons To Use Belkasoft Evidence Center 2017

Evidence Center 2017 is an all-in-one digital forensic solution by Belkasoft – leading forensic software manufacturer. Why do you need this product in your investigator's toolset?

1. Belkasoft Evidence Center (BEC) supports both computer and mobile forensics
Whether you have a laptop or an iPhone device, desktop computer or Android tablet, the same BEC software can help you to understand what information is kept inside.


BEC helps you to acquire and analyze computers, mobiles, clouds and RAM

"My Agency has been using Belkasoft Evidence Center for 2 years now. The software is a powerful robust Forensic tool with all the built in features needed for a thorough examination for computers and cell phone images. I highly recommend this great tool in any Forensic examiners arsenal of tools."
David Shelton, Chief Forensic Examiner at Advanced Technology Investigations, LLC in Greensboro, NC USA


2. BEC recovers all available data
Doesn't matter if data is still kept in files or deleted, hidden in unallocated or slack space, the product can easily reveal it by searching inside existing files, carving using file or record signatures, analyzing Volume Shadow Copy and many other forensically important areas (such as, for example, SQLite freelists).

BEC recovers deleted SQLite records from a seemingly empty Skype database with the help of SQLite freelist analysis

3. BEC supports all stages of your investigation
Starting from the acquisition phase, where the product helps you to copy a hard drive, create a smart mobile device dump, capture RAM memory and even download Google Drive or iCloud, to creation of reports in numerous formats, the product eases all routine operations of your investigation.

RAM Capturer, which is a part of BEC package, robustly dumps a running computer RAM memory in kernel mode. The memory dump can then be analyzed in BEC for things like social network communications, chats, in-private browsing and so on

4. BEC can extract more than 700 types of artifacts out of the box
Automatic extraction of application data, which we call "Low hanging digital fruits analysis", can be enough to solve the vast majority of cases, where you are investigating internet communications, documents or, say it, photos. The product knows all popular (and even less known) apps, such as WhatsApp, WeChat, Snapchat, Skype, major browsers and mail apps such as Outlook, office formats such as MS Word or Open Office Spreadsheet, so you do not have to know data formats, file locations, signatures for carving files or individual records, encryption schema, and so on. Moreover, the product will find these data in all potential places, that is, not only in existing files, but also in Live RAM memory, pagefile or hibernation files, virtual machines, VCS snapshots, unallocated or slack space and so on.

Easy to use artifact selection window allows you to choose from hundreds of different apps to analyze

5. BEC is easy to use
Getting first results using "low hanging fruits analysis" is easy as 1-2-3. The only few things you need to do are:

1. Add a device or dump to your case (or acquire it using built-in acquisition feature)
2. Select types of artifacts to look for
3. Enjoy!

After the software finishes searching, all data will be conveniently presented in different perspectives: by file system location, by application profile and by type of data. Timeline will show you all events inside the device sorted by time, bookmarks will help to mark important items, index-based search will find keywords, including grep search and predefined search (e.g. credit cards, SSN numbers, MAC or IP addresses and so on). The product interface is so easy and intuitive that you can start using it right after the installation, without weeks of paid training that some other products require in order to operate effectively.

The product automatically extracts pictures from all available sources: from files on a drive or dump, carved from unallocated/slack space, email attachments, Windows thumbnail files, embedded in documents and so on

Any issue arose can be solved quickly with friendly and very responsive support service, and product updates containing bugfixes and improvements are released every few weeks. You can see release history at https://belkasoft.com/new

"Belkasoft Evidence Center has earned itself a fixed position in most of our forensic workflows because it helps us to find relevant information very fast and easily. Even when we faced challenges in our investigations we experienced an extraordinary fast and competent support from Belkasoft that showed us that BEC is actively developed and we always felt backed up by the support."
Heiko Rittelmeier, M.Sc. Digital Forensics, Germany


6. Advanced low-level analysis is available in BEC
While in most cases automated extraction will be enough, more complex investigations may require manual analysis of devices in question. For such types of investigations BEC provides powerful File System explorer, which shows all volumes and partitions inside the device, both existing and deleted folders, VCS snapshots, existing and deleted files. Each partition or file can be reviewed in Hex Viewer, the window assisting you to investigate individual bytes, make automatic type conversions, create bookmarks, run custom carving and apply various encodings.

WhatsApp folder discovered inside Android backup and presented inside File System tab of BEC. HexViewer shows binary contents of msgstore.db, some of bytes are bookmarked and highlighted using different colors

Apart from HexViewer, there are more low-level viewers like SQLite Viewer, Registry Viewer and Plist Viewer used for the investigation of corresponding types of files.

7. BEC offers comprehensive analysis of your devices
The product can detect skin and faces inside pictures and videos, recognize texts in scans, detect encryption and decrypt 220+ types of files. Powerful Photo Forgery Detection module finds photos which were edited after the shot was taken. Geolocation analysis will show all geo-enabled artifacts (pictures, URLs, Uber and other mobile apps data) on Google Maps, Google Earth or export them to KML format maps. SQLite analysis automatically reveals data in special areas in a database, such as freelists, journal or WAL files, SQLite unallocated and so on. Scripting allows you to extend the product to make some custom processing like custom carving, custom search or custom reporting.

Built-in Google Maps visualize all GPS-enabled data from photos, URLs, mobile apps like Uber and so other

Have some other products used on a daily basis? Belkasoft is integrated with Guidance Software EnCase, BlueBear LACE, Passware Kit Forensic and others; built-in export and scripting always allow you to integrate BEC with any other third-party product.

8. BEC is quick
Unlike many competitor products that search for and index unnecessary data, BEC indexes and searches only data you need in a course of forensic investigation, thus the initial extraction and analysis will complete in few hours, not days or weeks. Sophisticated algorithms make sure that all cores and memory of your investigation machine are used one hundred percent efficiently, enabling parallel processing, which also significantly speeds up the analysis.

"Throughout the six years of my personal experience as a forensic examiner, I have tried many forensic tools, but I find that it's Belkasoft Evidence Center that can help find crucial data for the investigation and verification processes in the fastest and the most effective way."
Tamas Lakatos, Computer Forensic Expert, Hungary


9. BEC shows the entire picture
With Social Graph window you can reveal connections between various individuals in your case. Proprietary algorithm finds most important links and allows you to detect communities of tightly connected people.


In this picture you can see 4 groups of people, found automatically by BEC in 18-device case. Groups are marked with different colors, which mean that people from the same "color" likely know each other very well, while they are not closely connected to the people from other groups. Larger circles mean more important persons, who act as "gate keepers", so it might be a good idea to start investigation with such people.

10. BEC is just much more cost-effective
The product offers more features for a lower price than the competition. Not only does it save your money at the moment of purchase, but it also helps saving each year on decently priced renewals. Moreover, our free Evidence Reader allows you to share part of your work with your colleagues at absolutely no cost, thus saving you even more! Finally, Belkasoft customers have a wide variety of discounts towards purchase of our partners' digital forensic products.

"Our company has been using software products from Belkasoft since 2011. Before that we were using 2 other forensic tools, but Belkasoft Evidence Center has proven to be more convenient and versatile. Not only it allows analysis of all the types of data that we look for on various devices, but it also comes at a very fair price."
Tsvetomir Atanasov, Matrex EOOD, Bulgaria


Would like to get an independent opinion on Belkasoft Evidence Center? See recently published review by Shafik Punja, well-known digital forensic investigator: https://www.digitalforensicscorp.com/blog/review-of-belkasoft-evidence-center-bec/

Convinced by the reasons and eager to try Evidence Center yourself? Download your full trial license right now at https://belkasoft.com/trial!

More details on BEC
• Sign up to free online webinar: https://belkasoft.com/webinar (NEW: Webinars in Spanish are now available!)
• Quote request: https://belkasoft.com/quote
• Belkasoft articles on various forensic topics: https://belkasoft.com/articles
• Who else are Belkasoft customers: https://belkasoft.com/customers
• BEC tutorials: https://belkasoft.com/tutorials
• Academic discounts: [email protected]

0 comments

Log in to post a comment. The comments are owned by the poster. Forensic Focus is not responsible for their content.
Threshold