JAD IEF vs Belkasoft, opinions?

In fairness to Belkasoft, you should edit your post where you talk about it not working.

Results from this forum get indexed in Google really quickly and they shouldn't lose a potential customer because of the method which the job was taken

Belkasoft contacted me and made some recommendations about configuring the software before doing the actual carving.

And I configured the software as they recommended and used it on a image file rather than my own live system, which was what I had done before.

And Belkasoft yielded almost the same results as the IEF. But it is very important that you should do carving rather than searching. The software has two functions "searching" and "carving".

Regards,

The first time I used it, I used it on my own computer rather than a forensic image. I used the search function of the software, which pops up when you start the software. And searching function brought far less number of hits than IEF. I was not satisfied by those results. But then I was contacted by the technical support and advised to use "carving" option instead of "searching" option. And I used the carving option. And it worked good. (Probably, it would be better if the pop up window brings the "carving" option first . )

When I used the carving option, it brought the same search hits as the IEF did. Plus, the search hits showed non-English characters as is which is even better than IEF.

That is what I have experinced with the software.

And they seem to have very good customer support. They are friendly and keen to get feedback and improve their software.

Hey Guys,

I think i'll go with Belkasoft. Its user-friendly .. very strong carving option.. and pretty fast.

However i was wondering if it supports importing an image taken by tools like (UFED,XRY,OXYGEN etc…) and then conducting analysis on them.

However i was wondering if it supports importing an image taken by tools like (UFED,XRY,OXYGEN etc…) and then conducting analysis on them.

From their website
Industry standard
Mounts EnCase, SMART and DD images including Windows, Linux and Mac OS X drives. Integrated with EnCase v.7 and Passware Kit Forensic
http//forensic.belkasoft.com/en/bec/en/evidence_center.asp

I went through some forum posts listing software users have installed on their devices. I've noticed that Internet Evidence Finder is much more popular than Belkasoft Evidence Center.

Is there any particular reason you prefer one over the other? Can you please comment on that?

I'm looking for a tool of that kind to purchase and really can't decide. Any suggestions and pros/cons would be appreciated.

I went through some forum posts listing software users have installed on their devices. I've noticed that Internet Evidence Finder is much more popular than Belkasoft Evidence Center.

Is there any particular reason you prefer one over the other? Can you please comment on that?

I'm looking for a tool of that kind to purchase and really can't decide. Any suggestions and pros/cons would be appreciated.

The connection between "popularity" and "better" is not often "direct".

IEF was released (version 1.00/Initial Release) in March 2009
http//web.archive.org/web/20101118064356/http//www.jadsoftware.com/go/?page_id=141

Belkasoft Evidence Center was released much later, December 2010
http//forensic.belkasoft.com/home/en/newsletters/20101226.htm

This would account for "some" of the difference in "popularity" (once you get a tool, and it works and the upgrade is less costly than buying another program to do the same, it is likely that you will stay with the same product).

Then, I guess that unless there will be "independent" comparison tests, the number of people that will be able to actually comment on the one being better than the other (or viceversa) will be very limited.

It would be interesting if there would be some "real life case" where (say - only hypothetically) the consultant for prosecution found with IEF something that the consultant for defense with Evidence Finder missed (or viceversa the one with Evidence Finder found something of use that was not found on the same case with IEF), but still the abilities, experience and knowledge of the one or the other consultant may play a relevant role in the final result.

It is obvious that if the two tools are proved to find exactly the same artifacts, the preference can be based only on a restricted number of "features", like (examples)

• ease of use
• speed of tool
• price
• licensing scheme
• readability of reports

part of which are however subjective.

Since both provide trial/demo versions, that should be enough to make your own opinion on these latter "features".

jaclaz

Thank you, jaclaz!

In fact I did a test drive with both tools trials using some of my old cases. The results were comparable, at least in terms of my expectations (the files I needed to be discovered). There were minor differences that wouldn't have influenced my view on the case.

So, on that basis, the choice would be simple - purchase a cheaper tool. However, I don't consider myself a forensic expert but rather a passionate and semi-advanced user. The cases I used for testing were moderate in terms of data necessary to get recovered and analyzed at the time. Thus I'd love to hear any other opinions from those that had a chance to work with both BEC and IEF and possibly identified some differences.

Belkasoft Evidence Center was released much later, December 2010
http//forensic.belkasoft.com/home/en/newsletters/20101226.htm

jaclaz

Hello, Jaclaz,

This statement is not completely correct. Evidence Center was the result of more than 2 years of work on previous product, Belkasoft Forensic Studio, which has been on the market for years before. The new product thus is not a product developed from the scratch.

This statement is not completely correct. Evidence Center was the result of more than 2 years of work on previous product, Belkasoft Forensic Studio, which has been on the market for years before. The new product thus is not a product developed from the scratch.

Sure ) , I know, and actually *no* professional product is actually developed from scratch, it usually provides a summing up of years of experience of the developer(s), I was only talking of the specific product with it's current name, which does account for the "popularity" search that fraudit may have performed.

If you search *anywhere* for "Volkswagen Golf" or for "Ford Fiesta" you will likely find more results (and more people stating that they owned one with satisfaction) than when you search for - say - "Citroen C4".

Besides the fact that the C4's have sold less than the same year Fiesta's or Golf's, the Fiesta bears the same name since 1976, the Golf since 1974 and the C4 since 2004 (but you could get a number of results form the "original" C4 which was built starting in 1928 - just to show how it is not like Mr. Citroen roll started building cars in 2004).

I personally hate the concept of "popular", as it is often completely disconnected to actual "quality".
Now, for NO apparent reason 😯
http//homepage.ntlworld.com./jonathan.deboynepollard/FGA/google-result-counts-are-a-meaningless-metric.html

jaclaz

This is an interesting topic for me, last week I had a small evidence E01. I was quite amazed at the results using different applications.
This enforced the understanding as a practitioner what is actually happening. Because the case was IIoC obviously images were of paramount importance.

Now for years personally the best carving tool i have come across is BLADE my own opinion, however its not like IEF. ( I do not personally know Graig BTW)

The first 2 results I did

Results

1. FTK = 0
2. IEF = 0

I then MANUALLY looked at the data, and soon realised that yep images should be there.

3. EnCase = 14
4. C4P = 16
5. BLADE = 32

The point im trying to make here is dont just click away with applications to FIND THE EVIDENCE do not depend upon applications … Look, work it out, try other methods. If a application gives results that in your mind are not correct, then question this to yourself.