"Does your DFIR tool have substantial updates?"

© Belkasoft Research

Brett Shavers previously reviewed Belkasoft Evidence Center in his article "I took Belkasoft Evidence Center for a spin around the block". Since then, Brett has published a new article about BEC, in which he talks about the new features of Belkasoft Evidence Center 9.7. You can read an extract from the article below. To read the entire article, follow this link.

* * *

Brett Shavers: There are few things cooler than finding that one of your forensic tools was updated with new features. It does not matter which tool, or which new feature. There are times when some of the new features don’t apply to what I work on but are cool nonetheless as it shows that a tool is constantly being developed. Small, new features are neat, but the major updates are usually so good that I have to immediately test it out.

Using Belkasoft Evidence Center (BEC) as an example, the latest version, 9.7, added quite a few new features. I previously blogged about BEC as an all-in-one forensic suite that has a place in my forensic analysis right next to other tools, and the mobile device features added really expand upon the all-in-tool suite concept.

BEC added a lot; you can read the bullet points here:

The mobile acquisition and analysis features are a welcome addition. Anyone doing forensic analysis for more than a week knows that not every tool is capable of doing absolutely everything you need with either a specific type of media or a specific type of artifact (or database!). There is no clearer example of this than examining mobile devices, as many times the difference in output of mobile device data can be extreme between different tools.

In one case, I testified to a number of text messages that I recovered from a mobile device. I recovered tens of thousands of messages, probably close to a hundred thousand messages. The opposing expert recovered a few thousand, way short of what I recovered. We used different applications, and I actually used three different tools, each giving me different results in numbers. The opposing expert used one tool and did not recover much at all. I can only imagine what the judge and jury were thinking when one side recovers nearly a hundred thousand messages and the other side only recovers barely four or five thousand messages. So, when I have a tool that does something my other tools do, I generally use it in conjunction to verify, corroborate, or recover data in a manner that another tool cannot.

* * *


Previous article about Belkasoft Evidence Center by Brett Shavers is available at

30-day free trial of Belkasoft Evidence Center is available at