Belkasoft Evidence Center 3.0

Belkasoft announces a major upgrade to its flagship forensic product, Belkasoft Evidence Center. The new version 3.0 adds picture and video support, enabling forensic investigators to run automated searches for images and video footage containing people’s faces or pornographic content. Version 3.0 also adds the ability to investigate Mac disks, including support for the 12 most popular instant messengers running on the Apple MacOS platform…

Automated Face Search and Porn Detection in Still Images and Videos

In addition to instant messenger, email and chat support, Belkasoft Evidence Center 3.0 can now discover and analyze still images and video files. Automatic face detection allows near-instant discovery of all media containing recognizable persons, while the newly added porn detector locates still and video files of a pornographic nature. In addition, the text detection feature discovers images with text information in them. Sophisticated neural network techniques are employed to provide quick, surefooted discovery with fewer than 5% false negatives and about 16% false positive detections.

MacOS Support

Thanks to the newly added Mac format support, Belkasoft Evidence Center can now successfully mount and analyze disks formatted with HFS and HFS+ file systems. Physical drives and disk images made with drive imaging tools such as Encase, SMART and DD are supported. Existing and deleted conversations can then be successfully extracted. Support for the following twelve instant messengers running under MacOS has been added: Adium, AIM, Brosix, Fire, iChat, ICQ, InstantBird, Mail.Ru Agent, Mercury, Nimbuzz, Trillian, and Yahoo! Messenger.

Additional Enhancements

A wide range of smaller extra enhancements have been incorporated into Belkasoft Evidence Center, improving the product’s ability to deal with large and unusual email databases, adding support for new email clients and instant messenger applications, and improving support of certain social networks and online email services. The complete list of news and enhancements is available at http://forensic.belkasoft.com/en/bec/en/Whats_New_In_Version_3.0.asp.

About Belkasoft Evidence Center

At version 3.0, the company’s flagship computer forensic tool helps security and forensic specialists collect and analyze more digital evidence from PC and Mac computers than ever. Belkasoft Evidence Center will automatically locate, process and analyze Internet chat logs, Web browsing history and email communications including all stored passwords, cached forms, information stored in cookies and digital pictures, mailboxes and system files. Low-level access to hard disk and system structures means that even data that’s been deleted by a suspect cannot escape from investigators.

The affordable Standard edition is available to private investigators and corporate security departments, while the more comprehensive Enterprise edition allows major security agencies and police departments to have multiple investigators work simultaneously on a case.
