What's new in Belkasoft X v.2.9

Belkasoft Evidence Center X (Belkasoft X) is Belkasoft's flagship product for digital forensics, cyber incident response, and eDiscovery.

Belkasoft X v.2.9 introduces a range of powerful features and improvements focused on BelkaGPT, the industry's first fully offline DFIR assistant:

• BelkaGPT is expanded with custom picture classification and speech-to-text transcription for videos, accelerating review and search processes
• BelkaGPT better understands question intent, offers clearer rephrasing when needed, and handles specified timeframes with greater precision
• "AI Everywhere": Casework with BelkaGPT flows more smoothly thanks to searchable topics, profile-scoped filtering from the Artifacts window, quick source-linked bookmarks, command-line support, and the ability to export full history of a BelkaGPT session
• Cellebrite images support added to BelkaGPT
• Belkasoft Evidence Reader can now include BelkaGPT directly within the case package, allowing reviewers to ask their own questions without installing any additional components
• Belkasoft X now parses Apple Unified Logs, revealing system-wide event traces for timelines and pattern-of-life analysis
• 130+ new mobile device models are now supported for acquisition and analysis

Upgrading from previous versions of Belkasoft X to v.2.9 is free for all customers with an active Software Maintenance and Support (SMS) contract. Customers with expired or expiring SMS contracts can review and renew them through the Customer Portal.

[NEW]: Get hands-on experience leveraging BelkaGPT features for digital forensics workflows in the upcoming on-demand training: BelkaGPT—Effective Artificial Intelligence in DFIR. Enroll now and take the course for free till December 14.

New Features Details

BelkaGPT

With the release of Belkasoft X v.2.9, BelkaGPT has been significantly expanded. The innovative Belkasoft offline AI technology now provides even more AI capabilities than ever before. This includes wider and more flexible analysis options, expanded artifact support, and richer investigative insights.

Important: When updating the product, do not forget to download and install the latest BelkaGPT resources under the Customer Portal → Downloads. Note that all cases analyzed with previous versions of Belkasoft X must be re-analyzed after the update for compatibility with the new features.

Picture analysis: Custom classification categories and more presets

Picture classification offers more preset categories, including Drugs, License Plates, Money, Violence, and more. Prefer your own labels? You can now create custom categories tailored to your casework.

Speech recognition on video files

BelkaGPT can now transcribe videos up to 30 minutes long, making the extracted text searchable by keywords and available for BelkaGPT queries.

Language support extended

BelkaGPT now supports 100+ languages, both for artifact discovery and Q&A. Check the full list on the BelkaGPT page.

Prompt quality check

This feature is especially useful for those who are just starting to work with the technology. BelkaGPT now evaluates your questions to verify that they contain sufficient detail. If needed, it suggests clearer wording to help you find the right artifacts faster.

Timeframe detection

Another important improvement is "smart question processing." This technology helps BelkaGPT better understand and apply specified timeframes, focusing on artifacts within the defined period. In practice, this means that whenever a date or time range is mentioned, BelkaGPT runs specific handling to deliver more accurate results.

AI everywhere: Run BelkaGPT analysis from the Artifacts window

BelkaGPT operations are now available from the Artifacts window. They allow you to add AI assistance to cases analyzed without AI capabilities and scope BelkaGPT analysis to specific data sources and artifact profiles, reducing the time to first answers.

• Choose what to include into the BelkaGPT knowledge base: an entire data source, a group of artifacts profiles, or even a single artifact profile. In the Artifacts window, right-click the required node and select Analyze checked profiles with BelkaGPT. After BelkaGPT finishes processing data, it will be ready to answer your questions based on the information within the processed node
• Run speech recognition on all or specific audio and video files. Right-click Audio or Video, or select items within those categories, and run speech-to-text conversion from the context menu
• Generate picture descriptions and run classification for the entire category or selected items only. Right-click the items you want to process, select Analyze pictures, and pick the required analysis options

When time is pressing and computing resources are limited, targeted AI analysis helps you narrow the scope and get results faster.

Enhanced BelkaGPT window: Organized, focused, report-ready

The BelkaGPT window now fits into your investigative workflows even better:

• You can create multiple topics to keep your queries organized and easy to navigate. The topics are searchable, so you can quickly find questions or answers without scrolling through the whole conversation:
  
• Filtering has become more granular and intuitive. In the Artifacts window, define a timeframe using the global filter, check the relevant profiles, right-click, and select Ask BelkaGPT about checked profiles—replies in the new topic will be scoped to the selected period and items
• You can quickly bookmark BelkaGPT findings. Each answer is saved together with its referenced artifacts, so everything stays at your fingertips
• BelkaGPT results can be added to reports. Export a complete Q&A record for any topic as a shareable file
• BelkaGPT spellchecker shows replacement suggestions for faster fixes

Portable BelkaGPT: Now available in Belkasoft Evidence Reader

Cases exported to Evidence Reader can now package the BelkaGPT knowledge base and resources, allowing reviewers to explore data using BelkaGPT Q&A just like in a full Belkasoft X installation.

Cellebrite images support

BelkaGPT now understands UFD, UFDX, and UFDR data sources. It can answer questions about metadata, such as properties in Cellebrite extractions and reports, as well as analyze the contents themselves—including chats, emails, documents, pictures, and more.

Car forensics with BelkaGPT

BelkaGPT analysis is now available for artifacts extracted from Berla images. Vehicle infotainment systems typically include information on connected devices, contacts, calls, vehicle event records, and more—and BelkaGPT is here to help you pinpoint case-relevant car records.

BelkaGPT in Command Line Configurator

Great news for those who prefer automated workflows: Belkasoft X command line interface (CLI) now includes BelkaGPT analysis options. Generate configuration files to seamlessly include BelkaGPT preprocessing in the data source analysis workflow.

You can even pre-load your standard question list for BelkaGPT to process and kick off your investigation hands-free.

Faster replies

In v.2.9, BelkaGPT produces much quicker replies in both GPU- and CPU-based environments.

Mobile acquisition

Support added for 130+ mobile devices, including iPhone 16 and 17, Google Pixel 10 and 9, Samsung Galaxy S25 and S24, and other popular models.

Artifacts

Mobile and computer artifact extraction now surfaces more data with clearer presentation.

Apple Unified Logs

Apple Unified Logs centralize system and application events and provide extensive, timestamped records for timeline and pattern-of-life analysis in digital forensic investigations. Belkasoft X now parses these logs and lists them under System files → System event logs, with multiple filtering options to help you navigate thousands of records.

iOS

• SMS: Parsing of draft text messages is supported
• Voice Memos: Audio files in the .ogg format are now extracted and analyzed

Android

• Viber v24.7.0: Better extraction of attachments and geolocation details
• Slack v24.04: Enhanced presentation of conversations
• Telegram v11.9.2: Improved extraction of Secret Chat contacts and conversations

Other Improvements

• Refined parsing of UFDR images
• Enhanced detection of volume partition boundaries in hard drive images