Alan Jeffries is a DFIR and eDiscovery practitioner with vast experience in network security, from D3 Forensics Limited
"Belkasoft Evidence Center X is a very good all-in-one digital forensic investigation tool. We were impressed by the flawless installation and easy-on-the-eye, and user-friendly interface. We class Belkasoft X as a next generation forensic tool."
Belkasoft Evidence Center X ("Belkasoft X") is a very good all-in-one digital forensic investigation tool that enables the investigator to easily add data from multiple sources, including computer devices (with RAM acquisition), mobile phones, cloud storage and existing forensic images, or even just a folder of data. The software tool also facilitates the review and analysis of processed data and makes managing several cases simultaneously, and reporting on them, very easy.
Belkasoft X is in many ways similar to other software tools that we already have in our arsenal. However, it does a few things better and is a lot more intuitive. We were impressed by the flawless installation and the ease of activating the software license, and, once activated, the "Home page". Belkasoft Evidence Center X comes with a modern, easy-on-the-eye, and user-friendly interface. We very much liked the links to how-to resources, video tutorials and the online user manual. It is uncomplicated and easy to create new and/or open cases and ingest data for processing from this single screen.
Figure 1. Home screen
Also very handy is the "Tasks" tab, from which one can view the progress of evidence acquisition, handle processing problems and attempt to rectify errors. A good example is a message asking to either provide a Google Chrome password to decrypt some data or skip and complete processing. This is a very useful feature: it provides a level of vision into the case and where things stand, and provides options.
The artifacts window and the layout of the properties and file viewer panes are very functional and convenient to use, very good indeed, as this allows for effortless drilling down into data and makes the investigation process less challenging. If you were starting out and equipping the company with forensic tools, we would definitely include Belkasoft X in the mix. Or, if training up a junior forensicator, this would certainly be a tool that would be easy to train them on. Pricing-wise, we believe that this is real value, and if such a pricing point can be maintained it will not be a barrier to entry. The digital forensic world is constantly evolving, and this tool we class as FNG (Forensic Next Generation). For digital forensic practices that have been loyal to the old guard (EnCase, AccessData and such), this is indeed worth a closer look; the old guard tools have far fewer features than an FNG tool has. Features that are bolted onto tools that really have not evolved over the years make for bloatware. Belkasoft X seems to us to be a total rewrite of the Belkasoft product, which incorporates all that has been previously learnt along the way.
Figure 2. Artifacts window
- Intuitive interface for adding different data sources—Including mobile forensic images.
- Sorting and classifying data, including mobile data—Allows the investigator to focus in on what’s important in the investigation.
- Visualising (Connecting) and clustering data—Visualisations that can be exported into reports.
- Reporting—Exports in many formats including Word (docx) and Excel (xlsx). Makes working with report data easy—Will be welcomed by seasoned investigators.
If there is one negative, it would be that we feel the desire to make the application intuitive and pretty comes at the cost of simplicity and speed; for example, applying and adjusting search filters requires too many steps (clicks), and selected filters do not show on top of the search result window. The same goes for the timeline bar at the top of the window. We would like to see more work done on filters, as we perceive it to be the most important function for heavy-usage investigators.
There are many other things to like about Belkasoft X and I’m sure in time we will discover many more things. Don’t take our word for it, grab a free trial and run it against old case data and see for yourself.