Mobile acquisition with Belkasoft X

Belkasoft X offers a range of acquisition methods for iOS- and Android-based devices:

IOS ACQUISITION METHODS

iTunes

iTunes backups acquisition (including lockdown files support)

This is a standard way to backup iOS device data. It requires iTunes to be installed on the machine where Belkasoft X is running. Encrypted backup contains more data. Belkasoft X automatically turns on encryption if no password is set in iTunes. To continue acquisition, you need to unlock smartphone or point to the lockdown file.

Checm8

checkm8-based acquisition

Belkasoft X introduces forensically sound, jailbreak-free extraction of selected iOS devices via a hard-coded, unpatchable exploit checkm8. Compatible devices include the range of iPhone devices powered by Appleā€™s A7 through A11 SoC (iPhone 5s through iPhone X). Supported iOS versions are 12.0 to 14.8.

Checkm8-enabled version of Belkasoft X can extract keychain as well.

Agent-based_acquisition

Agent-based acquisition

Belkasoft X can acquire image of an iPhone or an iPad without jailbreak. The acquired image is the same full file system copy like the one obtained with a jailbreak or checkm8-based acquisition. Agent-based acquisition allows keychain extraction for iOS 10-13.7.

However, unlike checkm8, it works on a broader range of devices and iOS versions, including iPhone XS/XS Max, iPhone XR, iPhone 11/Pro/Pro Max, iPhone 12/12 mini/12 Pro/12 Pro MAX, iPhone SE (2nd gen), iPad Air (3rd gen) and iPad Pro (3rd gen) and others. Supported iOS versions: starting from iOS 10 to iOS 14.3.

Jailbroken

Support for the latest jailbreaks

Belkasoft X supports the latest jailbreaks like checkra1n, odyssey and unc0ver. In some cases jailbreaking can be the only method to extract a full file system and keychain data from the device under investigation. With Belkasoft X it is possible to acquire a full file system from jailbroken iOS devices.

Media

iOS crash log extraction

Belkasoft X can extract iOS crash logs as a separate type of acquisition. You do not need to jailbreak your device, it is sufficient to have a passcode or a lockdown file of the device.

LOG

Media files copy via AFC protocol

This acquisition type is based on AFC, an Apple's proprietary protocol for mediafiles transfer from an iOS device to a host computer. This type of acquisition uploads audio and video files through AFC protocol. It requires iTunes to be installed on the machine where Belkasoft X is running.

ANDROID ACQUISITION METHODS

ADBBackup

ADB backup acquisition

A standard ADB backup is built in the Android operating system and available on any Android device. Belkasoft X supports this kind of acquisition for a vast majority of Android-based devices.

Android Filesystem Copy

Logical and physical acquisition of rooted Android devices

With Belkasoft X you are able to acquire Android filesystem copy. This method is available only for rooted Android devices.

The other useful extraction method for Android devices is physical dump, which is available only for rooted Android devices.

iTunes

Agent-based acquisition

This acquisition method uploads and installs a special application ('agent'), which transfers data from the device to Belkasoft X. Upon the acquisition the agent is uninstalled.

It allows you to get an unencrypted copy of the device's file system and create a physical image through this method.

MTK

Support for MTK-based devices

Belkasoft X supports agent-based MTK acquisition. It allows you to get an unencrypted copy of the device's file system. In addition, it is also possible to create a physical image through this method.

The wide variety of MTK-based devices and MTK chipsets is supported, including popular smartphones—LG, HTC, Sony Experia and others, as well as exotic devices—Gionee, Oppo and Umidigi.

Find out which MTK-based devices are supported

Qualcomm

Acquisition of Qualcomm-based devices using EDL mode

Belkasoft X allows you to acquire a physical image from a vast amount of different mobile device models running on Qualcomm Snapdragon SoC.

The list of supported devices includes more than 250 smartphone models, including various models of Samsung, Xiaomi, Meizu, ZTE, Vivo and others.

Find out which Qualcomm-based devices are supported

Qualcomm

Acquisition of Spreadtrum-based devices

Belkasoft X allows you to acquire a full file system physical image from a vast amount of different mobile device models running on Spreadtrum chipset.

The method supports almost 90 phone models, including various models of Archos, ARK, BLU, Intex, Micromax and others.

Find out which Spreadtrum-based devices are supported

APK Downgrade

APK downgrade method

This feature allows the user to downgrade applications on a device, which will allow for the extraction from applications that have removed the possibility of backing up their data.

Examples of these applications include: Facebook Messenger, Instagram, KakaoTalk, Opera, Signal, Skype, Telegram, Twitter, Viber, WeChat, WhatsApp, Zello and others.

Media

Media files copy via MTP/PTP protocols

This acquisition method uploads data through Media Transfer protocol / Picture Transfer Protocol.

One of the options suggested to a user when they connect their device to a computer is "transfer media files using MTP". MTP stands for "Media Transfer Protocol" and it is an extension to the Picture Transfer Protocol (PTP) communications protocol that allows media files to be transferred from portable devices. Whereas PTP was designed for downloading photographs from digital cameras, Media Transfer Protocol allows the transfer of music files on digital audio players and media files. Now you can use any of these two protocols to acquire media from digital devices

Advanced ADB Acquisition

Advanced ADB acquisition

This acquisition method is a combination of all available methods powered by ADB into a single task.

It first starts with an agent-based acquisition, then runs an APK downgrade with full ADB backup creation and extraction of data from Shared Folder.

Automated Screen Capture

Automated screen capturing

With the help of this method, Belkasoft X has the ability to capture screenshots of various popular applications installed on a device.

You can take screenshots of chat threads and call lists. You can select the number of scrolls to be made for a particular screen as well as point the tool in which directions the scrolling must be completed, up or down.

Why use Belkasoft X?

Combines mobile, computer and cloud forensics in a single tool

Recovers all available data

Extracts more than 1500+ types of artifacts out of the box

Easy to use

Advanced low-level analysis

Much more cost-effective

Shows the entire picture

Quick

Other Belkasoft X features:

What's next?

TRY

Free trial

Start free trial of Belkasoft Evidence Center X and experience its ease of use and reliability along with the cutting-edge digital forensics capabilities.

Start free trial

CONTACT

NEED ADVICE?

Talk to an expert who can help you to identify the Belkasoft configuration you need and answer your questions.

Talk to us