What's new in Belkasoft X v.2.7

Belkasoft Evidence Center X (Belkasoft X) is Belkasoft's flagship product for digital forensics, cyber incident response, and eDiscovery.

Belkasoft X v.2.7 introduces several major enhancements:

• Significant expansion of BelkaGPT AI assistant
• Support for SQLite queries
• Android device brute-force, acquisition, and decryption: more devices supported
• Improved stability for the revived APK downgrade method
• Simplified Volatility integration
• Analysis of UFDX images and improved UFD support
• Restoration of iCloud Backups and Microsoft 365 acquisition
• A vastly expanded Car Forensics module with numerous new car events

Upgrading from previous versions of Belkasoft X to v.2.7 is free for all customers with an active Software Maintenance and Support (SMS) contract. Customers with expired or expiring SMS contracts can review and renew them through the Customer Portal.

Affordable training with optional certification is also available, including on-demand options.

New Feature Details

BelkaGPT

BelkaGPT, the industry's first offline AI assistant, is receiving increasing attention from our customers. In this release, we have significantly expanded its capabilities and improved answer accuracy. The updates include:

• All types of Belkasoft X artifacts are now supported in BelkaGPT (previously, some less common artifacts were excluded)
• Instead of manual installation, you can now use a friendly BelkaGPT installer
• Numerous performance improvements made in request processing
• Processing and accuracy have been improved by excluding meaningless data
• Improved language support: now you can supply questions and receive answers in your language (most European and Asian languages, Arabic, and more)

All customers with valid SMS plan can download BelkaGPT from their Customer Portal accounts.

SQL Queries

You can now execute SQL statements in Belkasoft X's SQLite Viewer. Now, the viewer allows you to enter SQL SELECT queries, including complex ones with JOIN statements, and provides results that you can further sort, convert, copy, or include into a report:

It is important to note that, unlike similar queries run in a standard viewer, Belkasoft's viewer can include results from special areas of SQLite databases, such as freelists, WAL, and journal files:

In the screenshot above, pay attention to the artificial 'belka_record_type' column, which helps distinguish between different record types.

Mobile Forensics

Acquisition

• Support for Unisoc device brute-force, acquisition, and decryption has been added. In this release, we support the following chipsets:
  • A7862
  • A7870
  • S8000
  • T310
  • T606
  • T610
  • T612
  • T616
  • T618
  • T72XX
  • T760
  • T770
  • T700
  • T820
• Support for MTK device brute-force and acquisition has been extended. In this release, we support the following chipsets:
  • MT6853
  • MT6873
  • MT6877
  • MT6885
  • MT6893
• APK downgrade stability has been improved. This acquisition type was almost banned by DFIR labs due to numerous side effects it had been causing. However, Belkasoft engineers managed to find a workaround, giving this method a second life. Thanks to recent adjustments, this method delivers stable and reliable results again!
  
  In addition to safety improvements, we have also extended this method to support devices on Android 15.
• Support for UFDX image type added
• Improved support for UFD images with encrypted data from MTK devices
• Android agent-based SD card acquisition updated

Artifacts

Existing mobile artifacts have been updated, new ones have been added:

• iOS
  • AllTrails v18.8.0 (updated)
  • Facebook v422 (updated)
  • Garmin Connect v4.65.36 (new)
  • Gmail (updated)
  • IMEI extraction (updated)
  • Maps (updated)
  • Mega Chat v.13.2 (updated)
  • Notes (updated)
  • Skype v2.6.17511 (updated)
  • Telegram (updated)
  • Wire v.3.113 (updated)
• Android
  • DuckDuckGo v5.207.0 (new)
  • Garmin Connect v5.7 (new)
  • Google Keep v5.24 (new)
  • Google Maps v11.3.3 (new)
  • Instagram v341.0 (updated)
  • MailRu (updated)
  • Telegram v11.7.0 (updated)
  • Twitter v.10.48 (updated)
  • Wi-Fi connections (updated)
  • YahooMail (updated)

Cloud Forensics

• iCloud Backups download updated to the latest version of the cloud
• Microsoft 365 download updated to the latest version of the cloud

Memory Forensics

In the new version, we have significantly simplified Volatility integration. Python installation and various environment configurations are no longer required. Now, the integration is as easy as downloading a precompiled executable and symbol files from the Belkasoft's GitHub and adding the corresponding path to the settings window!

Car Forensics

A significantly larger number of car event types can now be extracted from Berla images as artifacts. These new event types of events are also added to the Timeline, with the possibility to filter them. Additionally, tracks with geolocations are now extracted.

Computer Forensics

• Chrome cookies and session extraction updated
• Windows 11 jumplist analysis updated: data extraction is fixed, application ID list is updated
• Windows 11 prefetch analysis updated to the latest version
• Large prefetch files analysis improved
• .mov video files detection improved (more potential signatures added)

Please also pay attention to our recently released Windows Forensics on-demand training.

User Interface

• Back and forward navigation added: now, you can return to previously inspected nodes after jumping over others using the Alt + Arrow combination or by right-clickinging the screen and selecting the action
• Replies to messages are now visualized in the bubble chat view
• Task notifications added: now, when the product needs user input or when a task is finished, a notification window appears. Never miss an update!
• Brazilian Portuguese translation added
• "Media files" category added to the Timeline
• Wireless configuration and car events added to the Timeline
• It is now possible to open images stored as BLOBs in SQLite databases not only in the built-in SQLite Viewer but also in an external image viewer

Other Improvements

• Initialization issues for PostgreSQL-based cases fixed for PCs with missing language locales
• Reports: contact initials generated inside the avatar for the bubble chat view
• Reports: Thumbnail export fixed
• Filter by text in the File System tab is now case-insensitive
• MFT and ADS tabs in Tools fixed in the Recursive View on the File System
• Filtering by 'Has embedded files' fixed
• A global filter by the last modified time of a registry artifact added