Do you use Belkasoft? I use it and have a few comments:
1. Problem with analyzing Firefox data when analyzing disk or disk image.
The process freezes or takes several days (!!)
2. Different numbers of artifacts found when:
a) We analyze the original disk through a blocker.
b) We analyze the disk image (RAW DD).
c) We analyze the disk image mounted with an external program.
Sources (a/b/c) have been verified by checksums and are the same.
3. Generally slow program operation compared to e.g. Axiom. Belkasoft
is supposed to make use of 32 threads but only for a certain stage
of the program's operation. In the final stage it uses barely a few % of the CPU.
4. Pornography detection is very slow. You can do it faster by manually
viewing the thumbnails.
And what are your experiences with Belkasoft?
1. It's fast enough, not better or worse than any other click-forensics tool.
2. No issues from different formats of the same device, you must be doing something wrong, a device over write blocker and its raw image give the same results on the test.
3. Detecting pr0n is a feature based on Anaconda2, it is as slow or fast as the external module is.
4. Is it perfect?! No, it is not, there is always room for better!
Overall, it is great, it speeds up my work. Compared to the average user, I use Belkasoft Evidence Center with well defined purposes to ease up my work, not trying to use it for the whole data triage. Among the others, it is a very good tool!
1. If you consider a few days of analysis from the Firefox browser as "fast enough", congratulations on your sense of humor.
2. This is not true. Technical support responded that they knew the problem and were working to resolve it. However, they do not know when it will happen 🙁
3. I'm not interested in what module deals with it. It happens very slowly. Axiom uses all threads and is much faster. So you can do it better!
4. Belkasoft is weak in my opinion. The only plus is the low price.
Added to this is the lack of "remove duplicates" option. It is used by Axiom, UFED, XRY but at Belkasoft they do not understand the need for its existence and have no idea how to implement it - I received this answer from technical support.
Apparently the whole world uses Belkasoft and nobody else comments? 🙂
1. I checked with more than 10 different profiles, FF analysis is minutes.
2. I use the latest version of BEC, no difference between physical disk and image analysis, other than the paths and the plus info which is there when reading a physical disk, but data-wise is the same.
3. Both Axiom and Belkasoft used for a while the same detection tool, I don't see why one would be faster than the other.
4. De-duplication works just fine, but when the results come from different logical sources, I prefer Belkasoft over all the rest, many cases would fail with a single question: Where is your data from?! From a de-duplicated source. Ok, FAIL! Better have something proven from 100 different places duplicated, than have the validation void because of some "smart" algorithm!
The world uses many forensic software tools. Some good, some better, some worse. Still, some users get results, some others don't. You should do some forensics training and some low-level courses, then come back and b***h around which software is worse or better. I can analyze without any of these software, but using them makes the process go faster! Even with the slow BEC.
Just note, that I own and lead a company which is official reseller for all the vendors you mentioned so far. None is perfect, but simply crying on this forum won't make you any better 🙂
My experiences are as described. I have no reason to lie. I reported problems to technical support. I have confirmation for that. By a strange coincidence, the tone of your speech is the same as that of Belkasoft technical support and Mr. Yuri 🙂 Coincidence? I don't think so 😛