Forensic Analysis Of Files And Memory Processes In Belkasoft Evidence Center

Belkasoft Evidence Center (or BEC) is an all-in-one digital forensic product, which helps investigators to acquire, extract and analyze digital data. The product offers out of the box analysis of hundreds of important artifacts (such as documents, emails, pictures and videos, chats and browser links, registry and system data, etc), as well as low level analysis of files and processes.

In this article we will discuss how BEC supports the second type of analysis: low level investigation of files and processes.

Sign up to the free webinar on BEC 2017: https://belkasoft.com/webinar

File System and File Analysis with BEC 2017
You start your investigation by acquiring data from a data source. BEC supports acquisition of hard or removable drives, computer RAM memory, mobile devices and cloud data:


BEC is able to acquire Google cloud and iCloud

Besides, you can also add already acquired data, such as a mobile phone dump or a backup, a folder, a virtual machine file and so on. In the screenshot below, we add an E01 image:


Get The Latest DFIR News!

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.


All popular types of images are supported, including EnCase, FTK, UFED and X-Ways

The product asks whether you would like to analyze the image or not. Here, “analysis” means out of the box extraction of 700+ types of artifacts BEC supports, such as the above-mentioned ones. We do not need this now, thus the checkbox is not ticked in order to save time by skipping out of the box analysis.

Once a data source is added to the case, it immediately appears in the File System Explorer window. This window allows you to see the volume, partition and folder structure of the data source. BEC allows you to see all folders, including hidden and system ones:


Particularly, BEC allows you to analyze all or selected VCS snapshots

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...