Belkasoft
X Forensic

Reliable end-to-end solution to accelerate digital forensic and cyber incident response investigations


Free trial

Overview

Belkasoft X Forensic (Belkasoft Evidence Center X) is a flagship tool by Belkasoft for computer, mobile, drone, car, and cloud forensics. It can help you to acquire and analyze a wide range of mobile and computer devices, run various analytical tasks, perform case-wide searches, bookmark artifacts, and create reports.

This tool is offered to Government customers only.

 

"The short story: Belkasoft X gives great value in both cost and features."

Brett Shavers, USA

Comprehensive investigations

Belkasoft X Forensic acquires, examines, analyzes, and presents digital evidence from major sources—computers, mobile devices, RAM, cars, drones, and cloud services—in a forensically sound manner. If you need to share the case details with your colleagues, use a free-of-charge portable Evidence Reader.

Easy-to-use

Belkasoft X Forensic works out of the box and can be easily integrated into customer workflows. The software interface is so user-friendly that you can start working with your cases right after the Belkasoft X Forensic deployment.

Quick and smart

While performing search tasks for evidence, Belkasoft X Forensic uses approaches that enable it to find the most forensically significant artifacts quickly instead of wasting time on redundant operations.

Powerful analytical features such as a connection graph, a timeline and advanced picture and video analysis help you to uncover facts rapidly.

Save your time and efforts

Belkasoft X Forensic efficiently automates extraction and analysis tasks. The product can run unattended or be automated using the command line, allowing you to multitask and complete investigations quicker.

Tailored to your needs

Whether you work as an expert in a digital forensic laboratory for a federal law enforcement agency, a local or state police department investigator, our perpetual licensing and affordable price will perfectly fit your needs and budget.

Time-proven

Belkasoft X Forensic encompasses many years of experience, a team of outstanding professionals, a large amount of user feedback, and expert suggestions from numerous investigators in both law enforcement and the corporate world.

Features

Mobile and Computer Acquisition

The product allows you to acquire data from a computer, a laptop or a mobile device. Hard and removable drives are acquired into DD and E01 formats with optional hash calculation and verification. For mobile devices running iOS, Belkasoft X Forensic acquires iTunes backup and full file system copy with keychain by means of agent-based and checkm8-based methods or when a device is jailbroken; for Android devices there are multiple approaches to data acquisition: standard ADB or agent-based backup, Qualcomm and MTK-specific dumps, physical and logical backup for rooted devices, APK downgrade and other methods.

E01/DD imaging
checkm8
Jailbreak support
Agent-based
acquisition

Mobile and Computer Device Examination

Supporting all major desktop and mobile operating systems, Belkasoft X Forensic is suitable for mobile and computer forensics. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED and GrayKey images, JTAG and chip-off dumps.

Chat apps
Browsers
Mailboxes
Documents
Pictures & videos
Audio
System files
Mobile apps
Payment apps
Online games
Clouds
P2P

Smart and Comprehensive Analysis

The product looks everywhere on the device completely automatically and can successfully identify thousands types of digital artifacts. Convenient artifact search, sorting, bookmarking and filtering help to narrow down the findings.

File system explorer
Artifacts viewer
SQLite viewer
Registry viewer
Plist viewer
Hash set analysis
Advanced picture and
video analysis
WDE and file decryption
Timeline
Connection graph

Native SQLite parsing

Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Processes freelists, write-ahead logs, journal files, and SQLite unallocated space.

Live RAM analysis

Belkasoft X Forensic can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more. Belkasoft Live RAM Capturer is a powerful tool for creating memory dumps, and it is complimentary.

Handy built-in tools

Plist, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than automatic search was able to discover.

Low-level investigations

Through its File System window, Hex Viewer, and Type Converter tools, Belkasoft X Forensic allows you to perform deep examinations into the contents of files and folders from devices. With its customizable File and Data carving functions, you get to recover deleted and hidden artifacts and perform memory process analysis to view alive and dead processes in memory dumps. You can also use its hash algorithms to run searches against hash sets (NSRL RDSv3 and ProjectVic formats included).

Customizable reports in multiple formats

Reports in numerous formats such as text, HTML, XML, CSV, PDF, RTF, Excel, Word, EML, KML, ProjectVIC JSON, Relativity Short Message Format, Semantics21 and others.

Free portable case viewer

Free Evidence Reader allows sharing your findings with your colleagues with or without Belkasoft X Forensic installed.

Download
BELKASOFT X FORENSIC ONE-PAGER

What is new in the latest version of Belkasoft X Forensic

Learn more

Belkasoft X Forensic Functionality

Belkasoft X Forensic is the complete solution for conducting in-depth investigations on all types of digital media devices and data sources, including computers, mobile devices, RAM, drones, car images, and the cloud. It is an irreplaceable analytical tool for digital forensic laboratories of federal law enforcement agencies and state-level police departments.

When you purchase this product, you get to:

  • Computer Forensics:
    • Extract data from hard drives, mount and analyze hard drives, disk images, virtual machines, and RAM
    • Examine and analyze hundreds of artifacts: instant messengers, browsers, mailboxes, documents, images and videos, system files, online games, and payment applications, cloud artifacts
  • Mobile Forensics:
    • Brute-force passcodes for a range of iOS and Android devices
    • Acquire images of multiple iOS and Android device models by means of several acquisition methods such as standard backups, agent-based dumps, lockdown files, checkm8, application downgrade and others
    • Analyze older models of Blackberry and Windows phones
    • Examine and analyze mobile artifacts—calls and messages, mailboxes, messenger apps data (WhatsApp, Signal, Telegram, Snapchat, WeChat, etc.), social media apps (Facebook, Twitter, Tinder, etc.), cryptocurrencies, browsers, and many more
    • Utilize Belkasoft X functionality to mount third-party tools images (UFED, GrayKey, etc.), mobile backups, chip-off dumps, TWRP images, JTAG dumps, etc.
  • Cloud Forensics: Acquire and analyze data from cloud sources
  • Car Forensics: Analyze Berla images to add digital artifacts from a car to your single case timeline
  • Drone Forensics: Examine digital artifacts from dozens of supported drone models
  • Analytical features:
    • Connection graph to reveal connections between artifacts and people in a case
    • Timeline to identify all the events within a specific timeframe
    • Smart and powerful carving feature to locate evidence that was deleted, destroyed, or never permanently stored on the hard drive at (page file, hibernation file, RAM contents)
    • Perform in-depth examinations into the contents of files and folders on the device with File System Explorer
  • Built-in Viewers: Find even more evidence with Plist, Registry, and SQLite Viewers; MFT and Alternate Data Stream Viewers, as well as low-level Hex Viewer
  • Decryption: Access devices encrypted with whole device encryption (WDE), such as APFS, Bitlocker, TrueCrypt and others
  • Automation: Streamline your processes and parallelize your work across different workstations
  • Cloud-based image analysis: Easily share larger images inside your Amazon S3-compatible private or government cloud
  • Perpetual, not a term-based license!

Technical specifications

Belkasoft X Forensic allows data acquisition and analysis from multiple sources

  • Operating systems: Windows (all versions, including Windows 11), macOS, Unix-based systems (Linux, FreeBSD, etc.)
  • Storage devices: hard drives and removable media
  • Disk images: EnCase, FTK, X-Ways, AFF4, L01/Lx01, DD, SMART, Atola, DAR, DMG, archive files (such as tar, zip and others)
  • Virtual machines: VMWare, Virtual PC/Hyper-V, VirtualBox, XenServer
  • Cloud storage: Amazon S3-based images
  • Memory: RAM dumps, hibernation files, page files
  • File systems: APFS, BTRFS, FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4, XFS
  • Acquisition: Available to DD or E01 images with optional hash calculation and verification
  • Operating systems: iOS (iPhone/iPad), Android, Windows Phone 8/8.1, Blackberry
  • Data sources: Mobile backups, GrayKey, UFED and OFB images, UFDR reports, chip-off and JTAG dumps, TWRP images, Blackberry IPD and BBB backups, Android physical and logical dumps, Xiaomi MIUI backups, Huawei HiSuite backups
  • File systems: APFS, HFS+, F2FS, YAFFS, YAFFS2, ext2, ext3, ext4
  • Acquisition
    • iOS: iTunes, agent-based, checkm8-based, lockdown file support, AFC, jailbroken devices support, crash logs, screen capture
    • Android: ADB backup, advanced ADB backup, agent backup, rooted devices support, PTP/MTP, EDL for Qualcomm, APK downgrade, agent-based/logical/physical MTK acquisition, Spreadtrum acquisition, automated screen capture, wireless acquisition via an agent on an SD card
    • SIM cards: SIM cards cloning through a SIM reader device and through native Android means
  • Google Clouds: Google Drive, Google Sync, Google Keep, GMail, Google Timeline, Google MyActivity
  • iCloud
  • Email: Yahoo, Hotmail, Opera, Yandex, Mac.com and 25 more webmail clouds
  • Huawei
  • Instagram
  • Microsoft 365
  • WhatsApp: backups downloading and QR code-based chat downloading
  • Telegram
  • VK
  • Supported models: ArduPilot DIY Drone, DJI Agras MF-1S, DJI Matrice, DJI Mavic, DJI Phantom 3, DJI Phantom 4, DJI Spark, Parrot Anafi, Qysea Fifish P3, Ryze Tello, Sense Fly, Sky Viper, Yuneec H520, Yuneec Typhoon Q500 and other compatible models
  • Supported artifacts: drone geolocation and tracks, operator logs and tracks, pictures, videos
  • Visualization: Drone flight route maps and operator route maps in a built-in Maps window
  • Supported images: Berla .ivo export for Belkasoft
  • Supported artifacts: geolocation and tracks, chats, SMSes, and calls, contacts, media, and other information from the infotainment system
  • Visualization: Drive routes in a built-in Maps window

Talk to an expert who can help you to identify your needs and answer your questions

Talk to us

Ready to try?

Request your free trial today

TRY NOW