Belkasoft Evidence Center X or, for short, Belkasoft X, is a new flagship Belkasoft's product for digital forensics and incident investigations.

Among the most important updates of version 1.4 of Belkasoft X are:

  • iOS crash log extraction
  • .DAR image support
  • More macOS artifacts
  • Google Keep and Google Timeline update, 2FA support
  • Multiple updates of User Interface and artifacts

Upgrading from previous versions of Belkasoft X to version 1.4 is free to all customers with a non-expired Software Maintenance and Support contract. Customers without a current contract can purchase it from the Customer Portal. Customers with a valid Belkasoft Evidence Center SMS, can upgrade with discounts: please contact sales@belkasoft.com for your upgrade quote.

Affordable training with optional certification is available.

More on new features

Mobile forensics

  • iOS crash log extraction supported. Belkasoft X can now extract such logs as a separate type of acquisition. You do not need to jailbreak your device, it is sufficient to have a passcode or a lockdown file of the device

     

    Sign up to a webinar on this and other iOS acquisition types which will be presented by Mattia Epifani in the keynote of the second day of BelkaDay Europe conference.

    RESERVE YOUR SPOT

     

  • Disk archiver (.DAR) format supported. DAR image type becomes more popular for storing acquired mobile device data, and many customers requested Belkasoft to include it into the supported images list. Belkasoft delivered that in v.1.4; with the new release, the range of supported images counts more than 50 different industry formats, both open and proprietary
  • APK downgrade: system apps downgrade is now processed correctly (and a number of other fixes made)

Computer forensics

More macOS artifacts search and analysis supported:

  • Installhistory
  • MRU
  • User spotlight top searches

Cloud forensics

  • Google Keep and Google Timeline download updated to revive the possibility of downloading their data
  • Two-factor authorization accounts supported for both cloud types mentioned above

Updated artifacts

  • Android Viber analyzer updated
  • Android KakaoTalk analyzer updated
  • Android Firefox analyzer updated
  • Android Puffin Browser analyzer updated

User interface improvements

  • Graphical timeline is optimized for usage on large data sets
  • Passwords are now shown in Properties window in both Base64 and Hex
  • Belka spinner design was improved for the Dark theme
  • Information on Data source is added to Map hints
  • A number of scaling issues was fixed
  • Two first columns in grid view (checkbox and bookmark columns) are now fixed to ease selection and bookmarking whilst scrolling to the right

Issues fixed

  • Search for indexed artifacts: previously, searching inside a term having two or more dots did not give a result, now fixed
  • Issues during non-encrypted APFS parsing fixed
  • Hash calculation for iTunes backups fixed
  • Missed timestamp fields for some browser artifacts fixed
  • Incorrect artifact count for jumplist lists after applying a global filter by text fixed
  • Hex bookmark editor: bookmark navigation improved
  • Upgrade from cases created with v.1.1.6370 fixed

Besides, Help file was updated to include our latest checkm8 improvements and other new features.