Belkasoft Evidence Center 2015
Belkasoft Evidence Center makes it easy for an investigator to search,
analyze, store and share digital evidence found on the hard drive or the computer's
volatile memory. The toolkit will extract digital evidence from multiple sources
by analyzing hard drives, volatile memory dumps, iOS, Blackberry and Android
backups, UFED, JTAG and chip-off dumps. Evidence Center will help investigators quickly
locate and analyze information found in social network remnants, instant messenger
logs, internet browser histories, mailboxes of popular email clients, peer-to-peer
data, multi-player game chats, office documents, pictures, videos, encrypted
files, mobile backups, system and registry files.
Low level analysis is also possible with the help of SQLite Viewer, Registry Viewer, Plist Viewer, File System Explorer and Hex Viewer.
What's new in version 7.3
Belkasoft Evidence Center offers an easy-to-use, integrated solution for
collecting and analyzing digital evidence. The product is a perfect match for
law enforcement, military, intelligence and business customers.
- Forensically sound solution
Does not alter or modify data on hard drives or disk images being investigated.
- Looks everywhere
Analyzes hard drives, Live RAM captures, page and hibernation files, Windows
Registry, the content of virtual machines, forensic disk images, Android,
iOS and Blackberry backups, UFED, JTAG and chip-off dumps.
- Sophisticated analysis
Enables full-text search through all acquired evidence. Offers comprehensive
analysis of time periods of interest via a graphic Timeline.
- Comprehensive examination
Discovers more than 600 types of artifacts, supporting
all major document and media types, system files, email clients, instant
messengers, browsers, social networks, P2P and file transfer tools etc.
The search includes unallocated and re-allocated disk space, $MFT, $Log, Volume
Shadow Copy and other special Windows areas. Supports SQLite analysis,
including freelist and unallocated SQLite space extraction.
- Less missing evidence
Looks for hidden data, searches unusual places and examines files in
little-known formats to discover more evidence than ever.
- Blazing fast operation
Analyzes information at the rate of disk data transfer, utilizing today's
multi-core CPUs to their max.
- Easy to share evidence
The free Evidence Reader add-on offers an easy way to transfer
or share collected evidence at no extra charge.
- Quick to learn and easy to use
Designed to be usable in the field, Belkasoft Evidence Center is extremely
easy to operate, and feasible even for single-incident investigations.
- Usable in the field
Portable edition can be plugged into any PC with no installation or configuration.
- Reports can be presented in court
Generates clean and concise reports that can be presented to the court.
- Recovers destroyed evidence
Data carving allows locating evidence that was deleted, destroyed, or never
stored on the hard drive at all (page file, hibernation file and live RAM analysis).
The BelkaScript scripting engine allows users to write their own custom scripts, endlessly extending the product's functionality.
- Collaboration support
Enterprise edition allows working on cases together with set permissions
and centralized data storage.
- Trusted solution
Forensic investigators all over the world, Fortune 500 companies and multiple
private security specialists use Belkasoft software. Customers include the FBI,
the US Army, German police, and more than a thousand government organizations
from over 60 countries.
Less Missed Evidence
Belkasoft Evidence Center can locate a huge number of artifacts, retrieving users'
chats, communications, Web browsing and file sharing activities occurring in a wide
range of software. These artifacts include:
- All popular
- All major
office document types (Microsoft Office, OpenOffice, PDF, RTF)
Mobile device backups (iPhone, iPad, Android and Blackberry). Android/iOS UFED, JTAG
and chip-off physical dumps are supported
System files including Jumplists, Thumbnail files (Windows 7 and older,
as well as Windows 8 new format), SQLite databases, Event logs
Social networks and
- All major 100+
instant messengers (Windows, Mac OS X, Linux/Unix, Android, iPhone/iPad)
- All major
images and video files analyzed for
embedded text (e.g. scanned documents) in more than 90 picture formats
Encrypted files detection for more than 200 encrypted file types
The list of supported artifacts may vary between the
of the product.
- Case Management
Evidence can be stored broken down by case (optional component)
- Evidence Reader
Allows unlimited sharing of discovered evidence at no extra charge
- Data Carving and Live Memory Analysis
Recovers deleted and destroyed evidence as well as evidence stored in memory
dumps, page and hibernation files. More on
Live memory (RAM)
page/hibernation file analysis
- Native SQLite parsing with freelist/unallocated support and built-in viewer
Recovers corrupted and incomplete SQLite databases, restores deleted records
and cleared history files. Processes freelists, unallocated space, journal/transaction files
- Enhanced Live RAM Analysis with BelkaCarving™
algorithm carefully reconstructs fragmented chunks into contiguous pieces
of information, allowing the tool to extract broken pieces such as databases,
recently viewed images, documents and other types of data that no other tool
Offers an aggregated view of all user activities regardless of data source including
all supported email clients, instant messengers, social networks etc. in both
textual and graphical representation
- Windows Registry support
Automatically locates, parses and carves registry hives, extracting many types
of valuable evidence. Handy built-in regedit-like viewer shows even badly damaged
or corrupted files, particularly those resulting from carving of registries
from unallocated space
- Kernel-Mode RAM Capturer
Live RAM Capturer available free of charge to acquire system memory sets
protected with active anti-debugging systems
- Industry standard
EnCase, AFF, DMG, Atola, SMART and DD images including Windows, Linux and Mac OS X drives
as well as virtual machine drives, such as VMware and Virtual PC.
Integrated with EnCase v.7 and Passware Kit Forensic
- Large case support
Cases containing hundreds of gigabytes of evidence are supported
- Easy collaboration
Enterprise edition allows for multi-user simultaneous work
- Persistent data analysis
Analyzed data will be persistently stored in the database