What's New in Version 7.0
Version 7.0 of Belkasoft Evidence Center 2015 is a major step ahead. The tool
now becomes a full digital forensic solution, rather than a product for gathering
"low-hanging fruit". With the introduction of File System Explorer, capable
of showing the file and directory structure of a device, image, mobile dump or backup,
the product allows the user to perform low-level investigation of any digital data source.
The revamped Hex Editor helps to analyze any file, in-memory process or volume.
The handy Type Converter shows any selected set of bytes in all data formats.
The powerful BelkaScripting module lets a user extend the functionality of the tool
without limit. Live RAM Process Analyzer helps to see all processes
inside a memory dump, including already killed or completed processes.
Apart from these revolutionary changes, there are multiple improvements in previously
existing functionality: new computer and mobile applications and formats analyzed,
more image formats supported, reporting and search improved and so on.
Upgrading to version 7.0 is free of charge to all customers with non-expired
Extended Software Maintenance and Support contracts. New modules (such as File
System and Scripting) are available for free to all customers having
the configuration with Case Management and floating license (offer is limited
to Dec 31, 2014 only!).
Customers without the contract can purchase it from the
Customer Portal. An affordable
User Refresher Course is available for those who would like to catch up all recent
New Major Functions in Belkasoft Evidence Center 2015 v.7.0
- New component: File System Explorer. The new component allows the user
to see the complete structure of a device, dump, drive or memory image, mobile phone
or tablet, folder and so on. You can see all volumes and partitions, folders
and files, including special ones such as $OrphanFiles, $Log, $BadClus etc.
For each file you can see its size and dates.
Screenshot: the file structure of an Android phone (chip-off
dump) shown by the File System module of Belkasoft Evidence Center
7.0. In particular, you can see the hidden special folder $OrphanFiles.
- Revamped component: Hex Viewer. The Hex Viewer was massively improved
and extended. Now it allows investigating all types of files on the disk, database
records, or processes, extracted from volatile memory captures (RAM dumps) on
all supported platforms. The hex viewer supports custom searches and bookmarks,
making low-level investigations easier and more convenient. As a result, investigators
can view files located on computer hard drives and forensic disk images, as
well as files stored in mobile backups or available in chip-off dumps of various
mobile devices. Tightly integrated with Live RAM analysis, the new hex viewer
allows viewing processes and data extracted from live RAM dumps.
Screenshot: the built-in Hex Viewer allows low-level file investigation;
it has a handy type converter, showing the current selection in different formats;
search and bookmarking; saving a selection to a file; advanced Go to, including
jumping to relative offsets; and more.
- Type Converter is a new feature of Hex Viewer, which conveniently
shows selected data in different suitable formats, such as numbers, dates, IP
addresses or strings. It supports little and big endian, different encodings
and so on.
- New component: Scripting. The new scripting engine (which
we call BelkaScript) allows a user to extend Evidence Center functionality
with custom analysis and carving, run custom searches, create custom
reports, and customize the product without limit to fit their needs. A set of
sample scripts is included in the product installation for reference.
Screenshot: scripts are written in simplified C#. The Scripting window
allows debugging custom extensions using breakpoints, step-by-step debugging,
variable value inspection and so on.
- New feature: Live RAM Process Analysis. Apart from the previously existing
function of Live RAM carving for various artifacts, such as Gmail, Facebook, Skype
or WhatsApp, the product gains general analysis for processes: you can see all
processes, running or dead, inside a Windows 7 or Unix memory dump. Each process
can be inspected inside Hex Viewer.
Screenshot: Windows 7 Live RAM processes are shown, including dead
processes; it is possible to select a process and review its memory in Hex Viewer.
New and improved functions
- Android and iTunes backups can be viewed in File System. Besides,
you can unpack the whole backup or a selected folder from within to your
- Support for Android and iTunes backup is improved: now you can select
applications to analyze.
- Android analysis extended: Dropbox, Grindr, Textplus, GTalk, Zello,
Sina Weibo, MeowChat supported
- Psi for Windows supported.
- L01 and Lx01 logical images are supported.
- UFED physical dump for iOS supported.
- Passware integration updated to v.13 of the tool.
- Evidence Reader is now included in the product: you do not have to
download it. Just export your case to Evidence Reader and give the whole folder
contents to your colleague!
- To ease handling of cases, now only one case is stored in an SQLite database.
A user can configure a folder for each case, browse existing cases, open a network
case (Enterprise edition only) and so on. This also improves performance when
you work with multiple cases at a time.
- All SQLite-related analyzers now support freelist and transaction/WAL
analysis, so that you can extract deleted SQLite data and data from journal
- It is now possible to configure options before creating a case and
- In addition to binary Plist, the built-in Plist Viewer now supports XML
- Registry ShellBag artifacts supported.
- An individual picture can now be selected for Photo Forgery detection
(before you could only select all pictures inside data source or in a
- Massive report improvements: better column selection, one file per
case report improved, issue with External and Internal IPs in Skype chatsync
report fixed, issue with large carved data reports fixed, links to attachments
for mails in HTML report fixed.
- Table "Visits" analysis supported for Chrome.
- Mail.ru Agent and Windows Live Mail support updated.
- Search problem for Evidence Reader fixed.
- Hundreds of other improvements and bugfixes made.
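The SQLite freelist item in the list above refers to pages that SQLite has released but not overwritten. The following is an added example, not Belkasoft's code and not a BelkaScript: it walks the freelist trunk chain from the database header and shows that deleted row content is still present in those pages. The table name `msg`, the marker string and the sample database are constructed for illustration.

```python
import os, sqlite3, struct, tempfile

MARKER = b"constructed-chat-"      # constructed sample content, not real evidence

def build_sample_db(path, rows=300):
    """Create a constructed database, then delete every row so its pages are freed."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA secure_delete=OFF")   # some builds zero freed pages by default
    con.execute("CREATE TABLE msg (id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany("INSERT INTO msg (body) VALUES (?)",
                    [(MARKER.decode() + "%04d " % i + "x" * 200,) for i in range(rows)])
    con.commit()
    con.execute("DELETE FROM msg")
    con.commit()
    con.close()

def freelist_pages(db):
    """Walk the freelist trunk chain; return (page_size, declared_count, page_numbers)."""
    if db[:16] != b"SQLite format 3\x00":
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack(">H", db[16:18])[0]
    page_size = 65536 if page_size == 1 else page_size
    trunk, declared = struct.unpack(">II", db[32:40])   # header offsets 32 and 36
    pages, seen, last_page = [], set(), len(db) // page_size
    while trunk:
        if trunk in seen or trunk > last_page:
            raise ValueError("corrupt or looping freelist chain")
        seen.add(trunk)
        off = (trunk - 1) * page_size                   # pages are numbered from 1
        nxt, nleaf = struct.unpack(">II", db[off:off + 8])
        if nleaf > (page_size - 8) // 4:
            raise ValueError("leaf count exceeds trunk page capacity")
        pages.append(trunk)
        pages.extend(struct.unpack(">%dI" % nleaf, db[off + 8:off + 8 + 4 * nleaf]))
        trunk = nxt
    return page_size, declared, pages

def deleted_hits(db, marker=MARKER):
    """Map freelist page number -> count of marker strings still stored in that page."""
    page_size, _, pages = freelist_pages(db)
    counts = {p: db[(p - 1) * page_size:p * page_size].count(marker) for p in pages}
    return {p: n for p, n in counts.items() if n}

def demo():
    """Return (live row count, freelist walk result, recovered marker counts)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.db")
        build_sample_db(path)
        con = sqlite3.connect(path)
        remaining = con.execute("SELECT COUNT(*) FROM msg").fetchone()[0]
        con.close()
        with open(path, "rb") as f:
            db = f.read()
    return remaining, freelist_pages(db), deleted_hits(db)
```

Content in `-wal` and `-journal` files is stored separately from the main database file and is not covered by this walk.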