Pricing

Belkasoft Evidence Center

In order to receive the correct quote, first, please, select edition.


Please choose edition:


Please adjust licensing configuration:

Please click on the red arrow to the left in order to see license descriptions.

USB Dongle

Floating license of Belkasoft Evidence Center comes with a USB dongle.
This licensing option allows to run Belkasoft Evidence Center on multiple machines.
We recommend to select this option if there will be more than one user to work with the product, or if a single user needs to run Evidence Center on different computers.

Portable

Portable version is perfect for use in the field as it requires no installation and runs from a thumb drive.
Please select this option if you need to use the product outside the office more than inside (i.e. at a crime scene).

Network

Network license comes with a network dongle and a few additional USB dongles.
It allows unlimited amount of workplace installations and certain amount of concurrent connections. Investigators could also use additional USB dongles and work offline or go into the field.
Product configuration includes 3 additional modules: Office documents and SQLite Viewer, Mobile device analysis and File system explorer.
We recommend this option for medium and large organizations and departments.

Please choose additional analytical modules

Please click on the red arrow to the left in order to see module descriptions.

Cross-Case Search

Cross-Case Search module allows you to find intersections between the currently investigated case and other BEC cases. The information found in the current case is compared with the information found in the selected older cases and all matches will be reported on the Search Results screen. The product can find the following types of data whilst the cross-case search:
  • phone numbers
  • email addresses
  • application UINs and profile names

File System Explorer

File System module is designed to allow you to perform an even more thorough low-level forensic analysis.

This module allows you to view and navigate through all folders and files within a data source added to your case, including hidden, deleted and special system files and folders, for example, $OrphanFiles or $Extends. Memory processes are extracted from RAM dumps.

You can browse any mobile or computer file system as well as a memory dump, acquired with Belkasoft or any third-party software. Convenient Hex Viewer window allows you to review chosen file or process binary contents.

Customers that have File System module can also enjoy Hashset analysis function. You could use a NSRL hashset database or a folder with previously known files.

With this module you can also check memory processes and files for malware using various methods, including fake system process names detection and checking with VirusTotal.

Incident Investigations

Incident Investigations module is aimed to help users investigate hacking attempts of Windows-based computers. By analyzing numerous sources such as registry, event logs and memory dumps, it can find traces, which are typical to various tricks used by hackers to penetrate company's infrastructure.

Belkasoft Evidence Center looks at various artifacts located inside Amcache, Shimcache, Syscache, BAM/DAM, AppInit DLLs, Change of default file association, scheduled tasks, remote connections (RDP, Remote Connection, TeamViewer and others), startup tasks, browser extensions and so on; it detects suspicious connections and scripts.

The results of analysis are then presented inside separate Incident investigations window, making it easy to separate suspicious activities from regular forensic artifacts.

Mobile Device Analysis

With this module, the product can acquire and analyze various mobile devices. Inside an acquired image or dump it will find and analyze several hundred different kinds of artifacts for Android, iOS, Blackberry, and Windows Phone devices. Among these artifacts are calls and messages, email, messenger apps data (for example: WhatsApp, Kik, Telegram, Snapchat, WeChat), social media apps (for example: Facebook, Twitter, Tinder, VK), online payment systems and wallets, browsers, and more.

Supported formats include mobile device backups for Android, iOS and Blackberry, UFED images, JTAG and chip-off dumps.

Office Documents and SQLite Viewer

Extended by this module, your copy of Belkasoft Evidence Center will be able to analyze Office and SQLite files, important in modern investigations.

Office documents of multiple formats are supported, such as Microsoft Office, Open Office, PDF and RTF. The product extracts metadata and texts, carves deleted documents and creates a full-text index enabling nearly instant search.

BEC supports in-depth analysis of SQLite databases, used by multiple popular modern apps. Built-in SQLite Viewer allows review of raw records, while out-of-the-box analysis of various artifacts can be significantly improved by the product's analysis of important SQLite areas such as freelist, write-ahead log and journal file, and SQLite unallocated space. Even partially damaged and corrupted SQLite databases can be opened by the viewer.

Remote Acquisition

Remote Acquisition module allows you to perform acquisition of various data sources from remote locations. Available data source types include
  • hard or removable drives
  • RAM memory
  • mobile device
The acquisition is performed with the help of an agent, installed to a remote device such as a computer or a laptop. The agent can be deployed with Group Policy Object (GPO) inside a Windows domain or by manually copying and running at a remote device.



Please feel free to send your request to sales@belkasoft.com or +1 (650) 272-0384 (WhatsApp/phone) and we will be happy to create a quote for you.