Belkasoft have released a major update to their flagship forensic tool, Belkasoft Evidence Center. With the version 7.0, Evidence Center becomes a true all-in-one forensic solution, reliably analyzing evidence from all imaginable sources.
Evidence Center is well known for its ability to easily find and analyze 500+ types of evidence (such as documents, emails, chats, system and registry files, etc.). What makes this new release different is the ability not just to analyze supported apps and formats, but also to perform low-level investigations of any piece of evidence on a suspect’s device or image.Here are the new modules in your arsenal:
• File System Explorer shows all files and folders, including deleted and special ones
• Hex Viewer helps investigator to conveniently glance over binary data, while Type Converter assists in interpreting it
• Scripting allows to extend Evidence Center with custom functionality
• Live RAM Process Explorer helps to extract and visualize process memory
Newly added features make Belkasoft Evidence Center 2015 one of the most complete solutions in the field of digital forensics.
File System Explorer
The File System Explorer allows forensic experts to access the complete structure of a device, dump, drive or memory image, mobile phone, tablet, or virtual machine. Within this module, investigators are able to analyze all volumes and partitions to browse existing and deleted files and folders, including special ones such as $OrphanFiles, $Log, $BadClus and so on.
On this picture you can see an Android phone (chip-off dump) file structure shown by File System module of Belkasoft Evidence Center 7.0. Particularly, you can see hidden special folder $OrphanFiles.
BelkaScript
Custom scripting engine BelkaScript makes Evidence Center a truly user-extendable tool. BelkaScript uses easy to learn simplified C# programming language, so that the experts can write their own modules to extend Evidence Center functionality. We included a number of samples in the product installation, allowing users to write the first script easily. To give an example, one of the sample scripts implements custom header-footer carving using a pre-defined signature.
Scripts are written in simplified C#. Scripting window allows to debug custom extensions using breakpoints, step-by-step debugging, variable values inspection and so on.
Hex Viewer and Type Converter
Hex Viewer enables binary analysis of any file on the disk, mobile device, image, process or memory dump. Handy Type Converter allows to inspect any selected value, interpreting it as various data types, such as numbers, date/time stamps, IPs, etc.
Built-in Hex Viewer allows low-level file investigation; it has a handy type converter, showing current selection in different formats; search and bookmarking; saving selection to a file; advanced Go to, including jump to a relative offsets and many more.
Live RAM Process Explorer
Live RAM Process Explorer works similarly to File System Explorer, but with processes instead of files. For example, investigators can view all processes – dead or alive – within Windows 7 memory dump and explore memory of, say it, Skype.exe and AppleMobileDev processes using Hex Viewer and Type Converter.
Windows 7 Live RAM processes are shown, including dead processes; it is possible to select a process and review its memory in Hex Viewer.
About Evidence Center
Belkasoft Evidence Center is one of the few digital forensic tools investigating both PC and mobile devices running not just Windows, but also Mac OS X, iOS, Linux/Unix, Android, and alternative systems.
In addition to low-level investigation, the tool provides out of the box evidence discovery and analysis for 500+ forensically important “low-hanging fruits”, such as email, documents, mobile apps, SQLite databases, registry and system files, internet chats, social networks, pictures, videos, encrypted files and volumes, and many more. The following data sources are supported:
• Computer hard drives
• Drive images
• Smartphone backups
• UFED images
• Raw chip-off dumps of mobile phones
• Live memory dumps
• Virtual machines
• Etc.
Time-limited offer
A number of newly released modules with a total value of $600 is available for existing customers at no charge. If you have a non-expired floating license for Belkasoft Evidence Center Ultimate with Case Management, or if you are just planning your purchase, you are eligible to upgrade and receive the new modules free of charge. The offer expires by December 31, 2014.
• Request a FREE trial:
http://belkasoft.com/trial
• More information about what’s new in version 7.0 is available at
http://belkasoft.com/bec/en/Whats_New_In_Version_7.0
