BelkaX-101 Belkasoft Certification Course

Belkasoft Certified Course is intended for investigators of any level of expertise who want to acquire hands-on skills in computer, mobile, and cloud investigation and enrich their toolkit with Belkasoft X, an all-in-one forensic solution.

The course details:

Language: English

Duration: 2 days

Formats: Onsite or online

The course is designed for

Law enforcement
Military investigations
Private security

What does the course include?

lectures
instructor-led demonstrations
practical exercises

The course content

It is an intermediate-level course that covers fundamental principles every digital forensic investigator should know. By the successful completion of the course, each participant gets strong skills in Belkasoft X and also deepens their knowledge about the techniques behind it, and the methodology of digital forensic analysis.

In particular, the participants will learn how to:

  • configure Belkasoft X and start the investigation,
  • acquire data from hard drives, smartphones, and cloud, add other data sources,
  • analyze the most relevant artifacts (including internet evidence, media, registry data, etc.) and overcome difficulties working with these types of artifacts,
  • create an efficient report on pertinent findings.

Various analysis options will be considered: extraction of artifacts from existing files, carving, live RAM analysis, hibernation, and pagefile analysis.

Every module is accompanied by a set of practical exercises and all related questions will be answered during the training session.

Students will be required to complete a final exam and all passing students will receive an official Belkasoft Certificate (BelkaCE), valid for 3 years.

Modules

  1. Introduction1.5 hours
    • Instructors will present learning objectives, detailed schedule, and materials along with expected outcomes over the course’s duration.
    • Instructors and students will learn more about one another, their experiences, and their learning needs.
    • Students will receive a general overview of the Belkasoft X platform and its capabilities.
  2. First steps with Belkasoft X. User interface 2 hours
    • Instructors will explain what types of data sources are supported by Belkasoft X and how to acquire new data sources (hard drives, smartphones, and clouds) and add existing ones.
    • Students will become familiar with the main Belkasoft X workflow, from data acquisition to reporting on found evidence.
  3. Data acquisition and main workflow 1 hours
    • Instructors will explain what types of data sources are supported by Belkasoft X and how to acquire new data sources (hard drives, smartphones, and clouds) and add existing ones.
    • Students will become familiar with the main Belkasoft X workflow, from data acquisition to reporting on found evidence.
  4. Working with computer artifacts 2 hours
    • Students will learn how to extract and analyse internet evidence, such as data from popular messengers, browser history, and emails.
    • Students will become familiar with multimedia analysis options, including EXIF analysis, face detection, text recognition, and video keyframe extraction. Advanced ANN-based methods of pornography and guns detection will be demonstrated.
    • Instructors will guide students on tools and techniques within the Belkasoft X platform to forensically analyze important system files (such as registry files, jumplists, and system event logs) to discover artifacts and traces pertinent to an ongoing case.
  5. Working with mobile and cloud artifacts2 hours
    • Instructors will explain what kinds of information could be extracted from various mobile data sources.
    • Students will learn how to analyze standard and third-party mobile applications, how to get the most from discovered geolocation data, and how to find important evidence using the built-in SQLite Viewer.
    • Instructors will also demonstrate capabilities of cloud acquisition and analysis.
  6. Search and filtering techniques2 hours
    • Students will learn how to utilize the Belkasoft X platform to narrow the search and save both time and effort. Filtering options for various data types will be considered.
    • Students will learn how to bookmark their data for further reference.
    • Instructors will explain how to get the most from the predefined search results and conduct efficient searches on the extracted artifacts.
    • Students will become familiar with the Belkasoft X Timeline window and its capabilities.
  7. Creating reports1 hour
    • Instructors will guide students on the create reports from any part of the interface and configure them properly, so the reports look clean and concise.
    • Students will also learn how to share their findings with colleagues using Belkasoft Evidence Reader.
  8. Advanced Analysis techniques2 hours
    • Students will receive an overview of the low-level techniques, supported by Belkasoft X. Students will learn how to analyze RAM data (including processes analysis and malware detection). How to carve a drive or an image and use advanced carving options.
    • Instructors will demonstrate the capabilities of File System Explorer, Hex Viewer, and built-in SQLite Viewer. Students will learn how to perform hashset analysis and process encrypted files.
  9. Exercises review and wrap-up2 hours

    There will be an overview of the practical exercises and a wrap up of the whole course. Students will be welcome to share their feedback and answer any questions, not answered during the course.

  10. Belkasoft Certification Exam4 hours

    There will be an overview of the practical exercises and a wrap up of the whole course. Students will be welcome to share their feedback and answer any questions, not answered during the course.

Expertise

Belkasoft course is written based on over fifteen years of field experience from working with LE officers and CCU examiners worldwide.

The techniques taught in this course have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and mentors.

Register to the course