New Revolutionary BEC 2017 v.8.0

Belkasoft is happy to announce an upcoming release of massively updated version 8.0 of its leading digital forensic solution Belkasoft Evidence Center 2017. Version 8.0 will include a number of newly added useful features that are going to significantly improve the efficiency of digital forensic investigations.

Sign up for a webinar on BEC 2017!

Among the new features:

A new imaging tool, Belkasoft Acquisition Tool, or BelkaImager
Social Graph Builder, capable of finding communities of users in a course of large investigations
In-depth support for Volume Shadow Copy
and much more

BelkaImager

The new tool by Belkasoft allows investigators to perform acquisition of a wide variety of devices and other sources. In particular, BelkaImager supports:

Downloading data from clouds, like Google Cloud or iCloud, that can then be analyzed using Evidence Center
Mobile devices: Android and Apple
Numerous media storage devices (hard drives, removable drives etc)
RAM dumping: both 32- and 64-bit architectures

BelkaImager main screen
You can select a computer hard drive (or a removable drive), a smartphone or a tablet, and one of the various clouds to acquire. There is a separate executable to dump RAM to make it smaller in size.

BelkaImager mobile device selection screen
In this screenshot you can see Android device imaging page. The product lists all of the attached devices and provides comprehensive instructions on how to attach different types of phone and tablets.

BelkaImager exists both as a built-in in feature of Belkasoft Evidence Center and as a separate free tool. Request a beta version today by signing up to our free webinar at https://belkasoft.com/webinar (tick the EAP checkbox at the form).

Social Graph Builder

Belkasoft has put a lot of time and effort into developing Social Graph Builder module. This new module serves the purpose of visualization of communications and finding close connections by creating groups of users. The module is especially useful for analysis of data from several various sources, aiming to answer questions like:

Which of the users have tighter connections between each other?
Which people play the key roles in communications within and between groups of users?
Who could be the previously unknown victims?

Social Graph Builder not only creates communication graphs, like most of the competitor products, but also does a significant and complex job of finding tightly connected groups of people, taking into account the “strength” of connections among other things (for example, a phone call is considered more important than an email).

Various views available in Social Graph screen
In this picture you can see a visualization graph for various kinds of communications. You can see key people, how they are connected and what kind of communication they used.

We created a new scientific method and wrote a few articles on it, seriously improving previous results in the community identifying methodology (in particular, method Pratt-Perez et al). So it is safe to say that this module is not only a visualization tool, but it also has a serious scientific approach behind it.

Communities exctacted out of several mobile phones
Here you can see the same graph, but split into communities. Four groups were identified and highlighted by Evidence Center based on how people interacted.

The new module is available to all users with valid licenses of BEC Ultimate. Users with Professional edition of BEC can apply for discounted upgrade in order to gain access to Social Graph Builder.

In-depth Volume Shadow Copy Support

Even though BEC supported volume shadow copy in previous versions as well, it would analyze all related data by default. The new version, however, allows to review all of the existing snapshots and choose one or a few for analysis and carving. We at Belkasoft developed a code for low-level access to the structure of VSC without using third-party libraries, which allowed us to analyze even the drives with huge amounts of snapshots on them, which competing solutions could not handle due to memory overload.

Snapshot selection
BEC allows users to see and select existing snapshots for further analysis.

Extended snapshot properties
After the analysis is complete, you will see the snapshot under the corresponding volume node. BEC shows you snapshot properties and artifacts found in that particular snapshot.

Other Improvements

As usual, the new version brings dozens of fixes, new formats, and newly supported mobile and computer artifacts. More detailed information about the new formats and artifacts will be provided in the official press release for version 8.0 of Belkasoft Evidence Center 2017 which is expected in early September.

Early Access Program

Would like to try Evidence Center 2017 earlier? Join our EAP (Early Access Program) and get a free beta version of BEC 2017. To do that, sign up for the upcoming webinar and tick the corresponding EAP checkbox at https://belkasoft.com/webinar.

More Info on BEC

Belkasoft Evidence Center is a world-renowned tool used by thousands of customers for conducting computer and mobile forensic investigations. Belkasoft Evidence Center can automatically discover, extract and analyze evidence from a wide range of sources including computer hard drives and disk images in all popular formats, memory dumps, mobile backups and chip-off dumps. The tool can capture and analyze volatile evidence stored in the computer’s RAM, identify encrypted files, carve Internet chat logs, Web browsing history and email communications including information stored in digital pictures and videos. The ability to process office documents in a wide range of formats enables investigators to perform near-instant full-text search among all the documents discovered on the suspect’s PC.

Low-level access to hard disk and system structures means that even data that has been deleted by the suspect cannot escape from investigators. Supporting Windows, Unix/Linux, Android and Mac OS X file systems, natively mounting images created in EnCase, FTK, X-Ways, DD and SMART formats, UFED and chip-off binary dumps, and many popular virtual machines without using these or any third-party tools, Belkasoft Evidence Center can collect more evidence than any single competing tool in its class.

General info and technical spec: https://belkasoft.com/ec
Download full trial of current v.7.5: https://belkasoft.com/get
What’s new in v.7.5: https://belkasoft.com/new
Video tutorials: https://belkasoft.com/tutorials
What do the customers say? https://belkasoft.com/testimonials
Sign up to a webinar: https://belkasoft.com/webinar

Competitors Raise Prices, We Don't

As you can see, our Belkasoft Evidence Center evolves quickly and keeps getting new powerful functions. You can ask: What's about the price? Does the improved product come at a higher price tag given numerous new features?

The answer is NO. The price remains the same!

Enjoy.

Articles

How to create hashset databases with Belkasoft X

SSD Forensics 2014. Recovering Evidence from SSD Drives: Understanding TRIM, Garbage Collection and Exclusions

We published an article on SSD forensics in 2012. SSD self-corrosion, TRIM and garbage collection were little known and poorly understood phenomena at that time, while encrypting and compressing SSD controllers were relatively uncommon. In ... Read more

Subscribe to our Newsletter