Articles
![](/images/blog/trump.jpg)
Challenges in Digital Forensics: The Case of the Trump Rally Shooter's Phone
According to CNN, two days after Donald Trump's assassination attempt at his rally, the FBI was able to gain access to the cell phone of the shooter, Thomas Matthew Crooks. What took so long to get into his phone, and what can the FBI find on it? To answer these questions, it is necessary to understand the specifics of the electronic device investigation process.
![](/images/blog/173-android-system-artifacts-application-analysis.jpg)
Android System Artifacts: Forensic Analysis of Application Usage
![](/images/blog/boddington_blog.jpg)
Webinar: From the Field: Belkasoft X User's Guide to Effective Forensics
![](/images/blog/case-study-mark-morris-cover.jpg)
Case Study: Leveraging Belkasoft X for a Multi-Source Fraud Investigation
![](/images/blog/164_BelkaDay_Conf_2024_cover.jpg)
BelkaDay 2024: Digital Forensics and Cyber Incident Response Conference
![](/images/blog/165-Android-system-artifacts-device-cover.jpg)
Android System Artifacts: Forensic Analysis of Device Information and Usage
![](/images/blog/166-Interview-wBelkaCTF6-winner-cover.jpg)
Belkasoft CTF 6: Interview with the Winner
![](/images/blog/163-why-choose-belkasoft-x-cover.jpg)
Why choose Belkasoft X for digital forensics and cyber incident response?
![](/images/blog/162-android-whatsapp-analysis-cover.jpg)
Android WhatsApp Forensics. Part II: Analysis
![](/images/blog/158-android-whatsapp-acquisition-cover.jpg)
Android WhatsApp Forensics. Part I: Acquisition
![](/images/blog/android_course.jpg)
[ON-DEMAND COURSE] Android Forensics with Belkasoft
![](/images/blog/149_screen_capturing_android.jpg)
How to Acquire Digital Evidence with Android Screen Capturer in Belkasoft X
![](/images/blog/Android-device-aquisition-methods-cover.png)
The Investigator’s Guide to Android Acquisition Methods. Part I: Device
![](/images/blog/blog_belkasoft_t_article_cover_2.png)
Belkasoft 2023 Recap
![](/images/blog/blog_belkasoft_t_article_cover.jpg)
How to Efficiently Triage Digital Evidence with Belkasoft T
![](/images/blog/whitepaper-cyber-incident-response-with-belkasoft-x.jpg)
Cyber Incident Response with Belkasoft X
![](/images/blog/50_webinar_triage.jpg)
Webinar: Digital Triage with Belkasoft T
![](/images/blog/149_deleted_whats_app_messages.png)
Forensic Duel: Exploring Deleted WhatsApp Messages—iOS vs Android
![](/images/blog/research_2023.png)
Belkasoft Industry Research 2023
![](./images/blog/148_Telegram_forensics.png)
Telegram Forensics: Getting Started
![](/images/blog/147_dfir_lab_in_the_cloud.png)
DFIR Labs in the Cloud: The Future of Digital Forensics
![](/images/blog/142_Belkasoft_T_Free.png)
Belkasoft Triage Is Now Free!
![](/images/blog/146_Decoding_Windows_Registry_Artifacts_UserAssist.png)
Decoding Windows Registry Artifacts with Belkasoft X: UserAssist
![](/images/blog/145_iCloud.png)
iCloud Advanced Data Protection: Implications for Forensic Extraction
![](/images/blog/144_iOS_System_Artifacts.png)
iOS System Artifacts: Revealing Hidden Clues
![](/images/blog/140_Essay.png)
Download your free e-book "Essays on Digital Forensics"
![](/images/blog/143_WhatsApp_iOS.png)
iOS WhatsApp Forensics with Belkasoft X
![](/images/blog/141_quick_guide_hashsets.png)
How to create hashset databases with Belkasoft X
![](/images/blog/139_Survey_2023.png)
Belkasoft Industry Survey 2023
![](/images/blog/138_ios_course.png)
[ON-DEMAND COURSE] iOS Forensics with Belkasoft
![](/images/blog/unlocking_ios.jpg)
Unlocking iOS Devices with Brute-Force
![](/images/blog/how-to-analyze-knowledgec-database-with-belkasoft-x.png)
How to Analyze KnowledgeC.db with Belkasoft X
![](/images/blog/hashsets.png)
Ins and Outs of Hashing and Hashset Analysis in Belkasoft X
![](/images/blog/brian_hempstead.png)
Case Study: Belkasoft X Helps to Define CSAM Recidivism Immediately
![](/images/blog/diy_yara.png)
DIY YARA vs. YARA with Belkasoft X
![](/images/blog/knowledgec.png)
KnowledgeC Database Forensics: A Comprehensive Guide
![](/images/blog/belkax-2-0-whats-new.png)
What's new in Belkasoft X v.2.0
![](/images/blog/yara_training.png)
[ON-DEMAND COURSE] Maximizing DFIR Results with YARA, Sigma, and Belkasoft X
![](/images/blog/126_griffeye.png)
Automation with Belkasoft: Orchestrating Belkasoft X and Griffeye DI Pro
![](/images/blog/first_steps_ir.png)
Incident Response with Belkasoft: First steps
![](/images/blog/webinar_brute.png)
Belkasoft X Brute-Force Webinar
![](/images/blog/casey_anthony_3.png)
Case of Casey Anthony: Extraneous Digital Evidence
![](/images/blog/mobile_ondemand.png)
Belkasoft Mobile Device Investigations Course
![](/images/blog/yara.png)
Walkthrough: YARA Rules in Belkasoft X
![](/images/blog/iMessage.png)
Lagging for the Win: Querying for Negative Evidence in the sms.db
![](/images/blog/webinar_SQLite.png)
SQLite Forensics with Belkasoft
![](/images/blog/casey-anthony-case.png)
Basic but significant legal issues in the Casey Anthony Case
![](/images/blog/chatgpt.png)
Download your free e-book on ChatGPT in DFIR!
![](/images/blog/sigma.png)
Walkthrough: Sigma Rules in Belkasoft X
![](/images/blog/pieces_article.png)
Automation with Belkasoft X: Putting the pieces together
![](/images/blog/automate.png)
Automation with Belkasoft X: Installation and Licensing
![](/images/blog/amped.png)
Automation with Belkasoft: Export for Amped FIVE
![](/images/blog/robot.png)
Digital Forensic Work Automation with Belkasoft X
![](/images/blog/NIST.png)
NIST tested Belkasoft support for SQLite data recovery
![](/images/blog/2022_year_review.png)
Belkasoft’s Year in Review—2022
![](/images/blog/SQLite_training.png)
[ON-DEMAND COURSE] SQLite Forensics with Belkasoft
![](/images/blog/macOS_webinar.png)
Webinar: MacOS forensics. Decryption and analysis of apps images from Macs with T2
![](/images/blog/survey.png)
Belkasoft Customer Survey 2022
![](/images/blog/remote_training.png)
[ON-DEMAND COURSE] Remote Acquisition with Belkasoft
![](/images/blog/cybersecurity_danger.png)
The riskiest cybersecurity danger for your business this fall
![](/images/blog/Release_1_15.png)
Sneak peek of Belkasoft X v.1.15
![](/images/blog/cyber-internal-external.png)
Internal or external: what data breach elicits the greater risk and damage?
![](/images/blog/even_more_bloopers.png)
EVEN 5 MORE Bloopers of a Digital Forensic Investigator (Part 3)
![](/images/blog/incident_training_september.png)
[ON-DEMAND COURSE] Corporate Investigations with Belkasoft
![](/images/blog/5_more_bloopers.png)
5 MORE Bloopers of a Digital Forensic Investigator (Part 2)
![](/images/blog/sqlite.png)
SQLite Forensics with Belkasoft X
![](/images/blog/Release_1_14.png)
Sneak peek of Belkasoft X v.1.14
![](/images/xsite/preview.png)
Cyber Incident Investigations Course with Belkasoft
![](/images/blog/charge.png)
The importance of fully charged devices in your digital forensic investigation
![](/images/blog/career_path.png)
Career Path—The Choice is Yours
![](/images/blog/mcafee.png)
Where in the world were John McAfee and An0nymous? A tell-tale sign from EXIF data
![](/images/blog/upcoming_release_1_13.png)
Sneak peek of Belkasoft X v.1.13
![](/images/blog/decryption.png)
Encryption amidst digital forensic and cyber incident response investigations
![](/images/blog/T_release.png)
Belkasoft Triage T v.1.2 is released!
![](/images/blog/burnout.png)
Preventing burnout in digital forensics
![](/images/blog/stay-in-good-shape.jpeg)
Stay in good physical shape: look past the screen of a digital forensic examiner
![](/images/blog/chats.jpg)
These chats are not mine! How our test engineer almost went crazy
![](/images/blog/designer_drug_blog.png)
How memory analysis helped to fight against "designer drugs"
![](/images/blog/112.png)
What's new in Belkasoft X v.1.12
![](/images/blog/virus_blog_2.png)
How even an experienced DFIR expert can catch a virus?
![](/images/blog/missing_girl.png)
The case of a missing girl and the power of a memory dump
![](/images/blog/belkactf_writeup.jpg)
Belkasoft CTF March 2022: Write-Up
![](/images/blog/mobile_training.png)
[ON-DEMAND COURSE] Mobile Forensics with Belkasoft X
![](/images/blog/upcoming_release.png)
Sneak peek: Belkasoft announces the upcoming release of Belkasoft X v.1.12
![](/images/blog/mobile_forensics_infographics.png)
[INFOGRAPHICS] Mobile forensics with Belkasoft
![](/images/blog/ram_blog.jpeg)
Why RAM dumping is so important and what tool to use?
![](/images/blog/evidence_fail.png)
How even the best evidence can fail in court
![](/images/blog/casey_anthony.png)
Browser forensics and the case of Casey Anthony
![](/images/blog/magic_wand.png)
Magic wand or scientific approach? Myths and realities about digital forensic software
![](/images/blog/5_bloopers.png)
5 Bloopers of a Digital Forensic Investigator
![](/images/blog/chain_of_custody.png)
Preserving chain of custody in digital forensics
![](/images/blog/origin_path2.png)
Where did this chat come from? The 'Origin path' concept in Belkasoft X
![](/images/blog/christmas_card.png)
Christmas edition: Inspirational stories about digital forensics folks
![](/images/blog/article_vote.png)
Thanks for supporting Belkasoft in 2023!
![](/images/blog/cloud.png)
iCloud acquisition and analysis with Belkasoft X
![](/images/blog/term_based_license.png)
Why a term-based license is NOT good for Digital Forensics market
![](/images/blog/for_mobile_forensics.png)
Why Belkasoft should be your tool of choice for Mobile Forensics
![](/images/blog/media_files.png)
Media file forensics with Belkasoft X
![](/images/blog/android_viber.png)
Android Viber Forensics with Belkasoft X
![](/images/blog/belka_dongle.png)
Triaging Windows-based computers with Belkasoft T
![](/images/blog/t1_1.png)
Belkasoft Releases Belkasoft T v.1.1
![](/images/blog/arvinder.png)
Belkasoft Appoints Arvinder Garcha as VP to Lead Company's Channel Development
![](/images/blog/survey.png)
Digital Forensics Survey 2021: Results
![](/images/articles/general/signal-app.png)
iOS Signal decryption with Belkasoft X
![](/images/blog/show.png)
Belkasoft is introducing a show 'BelkaTalk on DFIR'
![](/images/blog/149_screen_capturing_android.jpg)
Android Screen Capturing with Belkasoft X
![](/images/blog/android_apk.png)
How to Acquire Data from an Android Device Using the APK Downgrade Method
![](/images/blog/triage.png)
Belkasoft T — a new effective DFIR triage tool
![](/images/blog/survey_2021.png)
Belkasoft DFIR Survey 2021: Your Personal Advisor
![](/images/blog/SANS_six_steps.png)
SANS Institute: Six Steps to Successful Mobile Validation
![](/images/blog/dropbox.png)
Investigating the Dropbox Desktop App for Windows with Belkasoft X
![](/images/blog/multiple_streams.png)
Analyzing videos with multiple video streams in digital forensics
![](/images/blog/different_devices.png)
How to analyze different types of devices and find connections between them
![](/images/blog/ransomware_attack.png)
Find out what happened during a ransomware attack on computer
![](/images/blog/ediscovery.png)
eDiscovery with Belkasoft
![](/images/blog/usb_restricted.png)
Dealing with Apple's USB Restricted Mode
![](/images/blog/uncover.png)
Unc0ver: What you should know about this new jailbreak for iOS devices
![](/images/blog/whatsapp.png)
WhatsApp Forensics on Computers (Windows PCs and Macs)
![](/images/articles/general/Checkm8.png)
Checkm8 Review
![](/images/blog/signal_app.png)
Decrypting iOS Signal App Data with Belkasoft Evidence Center
![](/images/blog/risks.png)
Mitigating security risks using Belkasoft Evidence Center
![](/images/articles/general/keychain-ios.png)
Keychain Extraction in Belkasoft Evidence Center
![](/images/blog/glossary.png)
Checkm8 Glossary
![](/images/blog/full_file.png)
Full File System Extraction of iOS Devices with Belkasoft X
![](/images/blog/42_hisuite.png)
Analyzing HiSuite Backups with Belkasoft Evidence Center
![](/images/articles/general/customer_survey.png)
Results of Customer Survey 2019: Findings and Insights
![](/images/articles/general/windows.jpg)
Analyzing Jump Lists with Belkasoft Evidence Center
![](/images/blog/mobile_apple.png)
Forensic Extraction of Data from Mobile Apple Devices with Belkasoft Products
![](/images/blog/lnk.png)
Forensic Analysis of LNK Files
![](/images/blog/updates.png)
Does your DFIR tool have substantial updates?
![](/images/blog/bec_timeline.png)
Building a Timeline: A Case for Belkasoft Evidence Center
![](/images/blog/review_training.png)
I took Belkasoft Evidence Center for a spin around the block
![](/images/articles/general/customer_review_spain.png)
Belkasoft Evidence Center: a View from Spain
![](/images/blog/graph.png)
How to Use Connection Graphs by Belkasoft for Complex Cases
![](/images/blog/remote.png)
Walkthrough: How to Perform Remote Acquisition of Digital Devices
![](/images/blog/timeline.png)
How to Analyze Windows 10 Timeline with Belkasoft Evidence Center X
![](/images/blog/cross_case.png)
How To Use Cross-Case Search With Belkasoft Evidence Center
![](/images/blog/bullying_2.png)
Reasons Why You Need Belkasoft Evidence Center to Fight Workplace Bullying. Part II
![](/images/blog/bullying_1.png)
5 Reasons Why Corporate Investigators Need Belkasoft to Fight Workplace Bullying. Part 1
![](/images/blog/malware.png)
Fast Detection of Mobile Malware and Spyware with Belkasoft
![](/images/xsite/preview.png)
Carving and its Implementations in Digital Forensics
![](/images/articles/general/signal-app.png)
WeChat. The Forensic Aspects Of and Uses For Evidence from a Super-App
![](/images/xsite/preview.png)
Comprehensive Forensic Chat Examination with Belkasoft
![](/images/articles/general/malware.jpg)
I Have Been Hacked
![](/images/xsite/preview.png)
SSD and eMMC Forensics 2016—Part 3
![](/images/xsite/preview.png)
SSD and eMMC Forensics 2016—Part 2
![](/images/xsite/preview.png)
SSD and eMMC Forensics 2016—Part 1
![](/images/xsite/preview.png)
BelkaScript: How to Get Most out of Digital Forensic Software
![](/images/xsite/preview.png)
The Future of Mobile Forensics: November 2015 Follow-up
![](/images/xsite/preview.png)
Countering Anti-Forensic Efforts - Part 2
![](/images/xsite/preview.png)
Countering Anti-Forensic Efforts—Part 1
![](/images/xsite/preview.png)
NAS Forensics Explained
![](/images/xsite/preview.png)
Future of Mobile Forensics
![](/images/xsite/preview.png)
Acquiring Windows PCs
![](/images/xsite/preview.png)
Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets
![](/images/xsite/preview.png)
Kik Messenger Forensics
![](/images/xsite/preview.png)
Analyzing Windows Phone 8.1 JTAG and UFED Dumps
![](/images/xsite/preview.png)
Forensic Analysis of SQLite Databases
![](/images/xsite/preview.png)
SSD Forensics 2014. Recovering Evidence from SSD Drives
![](/images/xsite/preview.png)
Recovering Destroyed SQLite Evidence, iPhone/Android Messages, Cleared Skype Logs
![](/images/xsite/preview.png)
Detecting Altered Images
![](/images/xsite/preview.png)
Catching the ghost: how to discover ephemeral evidence with Live RAM analysis
![](/images/xsite/preview.png)
Why SSD Drives Destroy Court Evidence, and What Can Be Done About It