"I took Belkasoft Evidence Center for a spin around the block"
Brett Shavers from DFIR.training reviewed Belkasoft Evidence Center. As he puts it: "BEC does a really good job at running across data, putting everything into its own category, and creating an easy view of the entire case. There is some deep dive analysis use, and some user control, but the strength lies in the ease of laying out the data in a manner that practically anyone can see and understand. It does make it easy and working a case is faster when the data is organized in this fashion". Below you can read a part of the article. To read the entire article, follow this link.
* * *
Brett Shavers: Belkasoft Evidence Center lives up to its tagline of “forensics made easier”. For a near complete automated case work, it works. An intuitive interface and automated processes make processing practically user-error free.
I took Belkasoft Evidence Center (BEC) for a test drive, ran it across several images, and validated what I saw with a different forensic suite. Everything that I tested worked. Plus, it did a few things that my other tools do not.
At this point of digital forensics software development, especially with name brand companies such as Belkasoft, I am not going to get into the things that every forensic suite should be able to do, such as adding images or imaging or data carving or creating bookmarks of items, unless there is something substantially different. If a tool cannot do the basics, then I don’t want to touch that tool or let it touch my evidence.
With that, this is my opinion of the Belkasoft Evidence Center, which is not an instruction manual, but rather the cool things that I like, and the differences from other tools that I see. Negatives? Of course, because no one tool will ever satisfy me as no single tool does everything exactly the way that I (as in, just me) like it.
Overall, I like it.
Top 4 positive bullet points of my test run:
- Easy to set up
- Processes data quickly
- Intuitive GUI
- Gives a clear visual of the evidence
I'll get into negatives later.
What’s different (or easier)
Top 4 things that caught my attention:
- SQLite forensics
- Live RAM processing and memory carving
- VSC support (and snapshots are in the same place as the current drive state)
- APFS support
* * *
Belkasoft Evidence Center is available at belkasoft.com/get