Belkasoft Industry
Research 2023

Geography and participants

People from 74 countries took part in the survey

The geography of our survey was very diverse. This diversity not only reflected the global reach of our research but also underscored the widespread relevance of the Digital Forensics and Incident Response (DFIR) field.

Participants’ positions

Our survey participants work in law enforcement and government organizations as well as other industries, such as corporate security, private DFIR laboratories, and education.

Workload and challenges

Workload: actual vs desirable

We expected to see a considerable gap between the actual and desirable workload. Surprisingly, the results revealed that many figures were remarkably close, indicating that overall, most examiners are comfortable with the number of tasks on their plates.

Challenges

The most frequently highlighted challenges included tasks like bypassing passcodes, decryption, coping with limited hardware and software resources, and managing tight timeframes.

In addition to these, respondents also highlighted less-known yet equally significant challenges, such as cross-checking cases for similarities, adhering to strict ISO and legal compliance, and dealing with skill shortages.

An expert from the United Kingdom articulated a common concern among law enforcement workers quite effectively:

"Not enough software and hardware resources for the number of analysts that need to use them at any one time. For example, we have twice as many mobile phone analysts as we do licenses, leading to an inevitable bottleneck and frustration.

The need to release licenses to another analyst means that processing can be rushed and that the time to really, really deep-dive into an exhibit just isn't available. At some point, something pivotal will be missed and that will cause major issues in court, with reputational risks following."

If some tasks beyond one's capabilities are repeated from time to time, there is one interesting case worth mentioning that we see for the first time:

"I've been asked to deal with game machines. Also, I had to reverse engineer a device whose main task was to work with a thermal camera."

Have you ever been challenged with tasks beyond the capabilities of your DFIR stack? Could you share what they were?

"Yes. Surprisingly often! We commonly see new devices well in advance of any vendor support for them, and quite often, we just have to do the best that we can using the techniques and experience available to us. The adoption of ISO will make this non-standard way of working largely redundant, I suspect, leaving us in a situation where if a device isn't supported by an approved tool, then we'll have to just leave it until it's officially supported, which is utterly ridiculous."

"Things get complicated when multiple devices are involved. Most tools are seen happiest dealing with one device at a time. Building that cross-device narrative always feels like you're doing a lot manually, otherwise, things get confusing or missed," shares another expert from the United Kingdom.

Learning

How do you stay up-to-date with the latest industry trends and technological advancements?

In this part of the survey, our objective was to find out how DFIR specialists gain the necessary skills to stay current with rapidly evolving technology. The findings demonstrate that free training and articles stand out as the most preferred options, which unequivocally validates Belkasoft’s commitment to creating quality courses and content.

There are numerous DFIR blogs and websites that respondents follow. In fact, the number of unique resources exceeds a hundred. We have listed the majority of them at the end of the report.

We were especially glad and proud to read notes like these one:

"One of my favorites is Belkasoft's Newsletter. Other than that, I am also following DFIR.blog, Medium.com, and Hackernews.com for more content related to forensics and others. SANS publication is also a good resource to update yourself for forensics," wrote a security engineer from India.


"I follow Yuri. However, I also utilize SWGDE for best practices and some other cybersecurity authors," wrote an expert from the USA. 

Following Belkasoft's CEO, Yuri Gubanov, is a good option, as some news is often posted on Yuri's page even before it appears on official Belkasoft resources. You can also follow him: Yuri Gubanov | LinkedIn.

How often do you take training?

Despite demanding workloads and busy schedules, a substantial number of survey participants manage to carve out time for enhancing their DFIR expertise. They do so by regularly enrolling in various training courses.

Sharing / Mingling

Moving forward, we explored the main "watering holes" where DFIR specialists come for knowledge sharing, learning, and social interaction. At the forefront, we found LinkedIn taking the lead. However, the fact that YouTube secured a strong second position sends a clear message—don’t miss this source of knowledge! Your industry peers find this platform very useful.

Which social networks do you use for accessing work-related content?

While the most respondents mentioned LinkedIn and YouTube, others emphasized the significance of platforms such as Discord, Reddit, and Twitter. These mentions highlight that these media are valuable for learning and networking, so they're definitely worth checking out if you haven't used them before.

Digital forensics tools

How satisfied are you with your current toolkit?

In the dynamic world of DFIR, perfection is elusive, and no toolkit reigns supreme in every aspect. Yet, the data paints an interesting picture—nearly half of our respondents lean towards contentment rather than dissatisfaction, and a select few are happy with their toolkits. Meanwhile, a quarter of peers describe their experience as neutral.

What specific features or benefits attract you to new DFIR products or services?

What sets DFIR products apart? According to participant responses, it is not necessarily unique features but rather product quality, pricing, and versatility that matter most in today's DFIR landscape.

Belkasoft, in line with these priorities, focuses on three key aspects:

Ensuring High-Quality Products: We understand the critical importance of the findings derived from DFIR tools, and we are committed to delivering high-quality products.

Affordable and Transparent Pricing: Having worked with both government-funded and business organizations, we know the budget constraints you face. Hence, we always aim to provide cost-effective and transparent pricing for Belkasoft products. You can compare Belkasoft X pricing with your current toolkit by requesting the quote HERE.

Versatile Capabilities: Our flagship product, Belkasoft X, supports a wide range of devices and operating systems, empowering users to perform various tasks such as acquisition, triaging, analysis, and more.

Belkasoft user experience

We didn't miss the chance to gather insights on our peers' experiences with Belkasoft X, and here are the answers we received:

"Belskasoft X, the one I used, is a very useful tool, with one of the best GUI I've ever seen in my life, easy to use, very helpful with the organization of each case, low resources consume"

Axel Díaz Ortega, Colombia

"So far, I'm using Belkasoft X, and I find it very easy to use while being very fast in finding the artifacts needed."

Сhang Shiau Huei, Malaysia

"Belkasoft X improves my mobile forensics workflow. So far so great. User-friendly GUI. Highly recommended even for beginners."

Rehmark Paguio, the Philippines

"I have found greater recovery of some files on Apple laptops and Androids. Timelining to show unauthorized access post-seizure is most helpful."

Richard Grant Boddington, Australia

"I thoroughly enjoyed using the software. I applied it to analyze both my phone backup and RAM dump data. Specifically, I utilized it for assessing RAM dump information and extracting various artifacts. The software's structured organization and diverse data carving techniques stood out. Additionally, the tool allows for the generation of comprehensive reports based on the analysis results."

Tojo P. Thomas, India

"It worked and achieved the goal every time I needed it. User-friendly interface."

Ferreira, Portugal

"I like the amount and detail of the artifacts that Belkasoft X can handle. Easy-to-use UI. Easy-to-understand. Good support. Nice content about the usage. Supportive DFIR training."

Emre Caglar Hosgor, Turkey

"I use it daily, and I find the multipurpose aspect most beneficial. I am extremely comfortable with the tool, which is why I enjoy it so much. The product training has helped me discover many formerly unknown features of the software. I really enjoy the workflow in the tool."

Alec Tucker, the USA

"Belkasoft X gives you all the tools you need to conduct examination across multiple devices all in one product. I don't think I've ever come across another product that can provide this ability."

Daniel Roberts, Grenada

"I love the interface, the structure, and the user-friendly nature of the set. The capabilities are great and the pricing structure is terrific."

Tyler Hatch, Canada

"I use Belkasoft X every day, it helps me a lot in my cases and helped me to find an artifact that I've never known that was existing."

Hugo Dionne, France

"We have been using it for a long, and it has developed a lot… in HDD investigations, it's best.'

Tawhidur Rahman, Bangladesh

"I have used Belkasoft on a variety of successful cases. The latest has just seen a fraudster be sentenced to 4 years & 3 months in jail."

Mark Morris, the United Kingdom

"As I said, I did the trial run with Belkasoft X, and it did everything I needed really well (case management, artifact identification, streamlining the evidence to the investigator, ...). I love the product. It speeds up the investigation process a lot."

An expert from Croatia who wished to remain anonymous

'Belkasoft products are not time-consuming and give me the opportunity to quickly identify artifacts that are useful in a criminal case."

Ioan Ivan, Romania

New survey

Belkasoft has already started a new short survey titled "DFIR Lab Security Requirements."

Do you conduct your investigations in a strictly offline environment?

Currently, you can view the intermediate results on the left side of the pie chart, but we are still in the process of conducting this research. We encourage you to participate and influence the development of the Belkasoft X product. This mini-survey will take only 3 minutes. Participate HERE.

Here are some of the most frequently mentioned platforms:

SANS Institute  features articles and insights from instructors and industry experts in the field of digital forensics and incident response.

Forensic Focus  is a community-based website that offers articles, resources, and forums related to digital forensics, e-discovery, and cyber investigations.

This Week in 4n6  collects everything that happens on a weekly basis in the Digital Forensics and Incident Response community.

DFIR Discord channel is a server for DFIR Professionals by DFIR Professionals.

DFIR Review  concentrates on targeted studies of specific devices, digital traces, analysis methods, and criminal activities to help digital forensic practitioners deal with real-world issues.

Alexis Brignoni's  Blog  and  YouTube  where he talks about digital forensics in general and provides tips for mobile app forensics.

DFIR Diva  collects and organizes numerous industry resources geared toward both beginners and professionals.

DFIR Training  aggregates resources, including blogs, webinars, tools, and conferences.

Forensic Notes  is an electronic note-taking application that follows the highest standards set by law enforcement and the courts. Forensic Notes includes articles on DFIR topics.

D20 Forensics  concentrates on iOS forensics and receives particular acclaim for his coverage of Biome databases.

Digital Forensic Survival Podcast  is a podcast about computer forensic analysis, techniques, methodology, tool reviews, and more.

DFIR Science  provides tutorials and research to help digital forensic investigators conduct examinations as inexpensively and efficiently as possible.

Another Forensics Blog  also provides digital forensics and incident response research, Python scripts, and musings.

DFIR Blog  draws up topics on digital forensics, web browsers, visualizations, and provides open-source tools.

One more  DFIR Blog . This one concentrates on Mac, Windows, Memory Forensics, and Incident Response.

Cyber Social Hub  includes articles, specialized groups of your interests, informative videos, and a community of other professionals.

The DFIR Report  provides detailed case studies and analyses of real-world digital forensics and incident response investigations.

eForensics Magazine  covers all aspects of computer forensics, from theory to practice, methodologies, and standards to tools and real-world solutions.

IACIS Platform  is an international non-profit organization dedicated to training, certification, and peer support in the field of digital forensics.

And many vendor blogs.

Among less famous but important resources, we would like to mention:

Internet Crimes Against Children (ICAC) Task Force Program  is a United States national network of 61 coordinated task forces representing over 5,400 federal, state, and local law enforcement, dedicated to investigating, prosecuting, and developing effective responses to internet crimes against children.

Scientific Working Group on Digital Evidence (SWGDE)  brings together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as to ensure quality and consistency within the forensic community.

Forensic Science International: Digital Investigation  is an international journal of digital/multimedia forensic science and evidence-based incident response.

DFRWS  is a non-profit, volunteer organization dedicated to bringing together everyone with a legitimate interest in digital forensics to address the emerging challenges of the field. DFRWS organizes digital forensic conferences, challenges, and international collaboration to help drive the direction of research and development.

The list of resources that will be interesting primarily for incident responders:

Bleeping Computer  shares the latest security threats, technology news, and ways to stay protected online. In addition to news, it provides a wide array of free technical support services, downloads, and self-education tools that allow users to resolve issues on their computers.

Hacker News  and  The Hacker News  offer a selection of the latest industry news, catering to both tech enthusiasts and observers.

JohnCySA—DFIR Blogs  is full of experiments, use cases, and handy how-to guides to threat investigation.

CyberSec & AI Connected Podcast  covers topics related to cybersecurity, artificial intelligence, and digital forensics, featuring discussions with experts in the field.

The Hacking Exposed Book Series  provides in-depth expert insight into how hackers infiltrate e-business and how they can be stopped.‌

Brian Krebs' Blog, while not exclusively focused on DFIR, Brian Krebs' blog covers a wide range of cybersecurity topics and often includes insights into various cyber incidents and investigations.

Windows Incident Response Blog  is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems.

Volatility Labs Blog  specializing in memory forensics, this blog provides information about the Volatility framework and its applications in digital forensics.

Threatpost  provides news and analysis covering a wide range of cybersecurity topics, including incident response and digital forensics.

TaoSecurity Blog covers topics related to network security monitoring, incident response, and cybersecurity strategy.

Metasploit Unleashed gives access to a free online ethical hacking course.

Didier Stevens Blog  provides open-source security tools and tips related to those tools.

CrowdStrike Blog dives into topics ranging from endpoint security and threat intelligence to incident response and forensic services.

Did you enjoy Belkasoft's Industry Research? Share it on social media and with your colleagues.
Thank you!