Mobile data acquisition with Belkasoft X

Belkasoft X offers a range of acquisition methods for iOS- and Android-based devices:

IOS ACQUISITION METHODS: up to iOS 15

iTunes

iTunes backups acquisition (including lockdown files support)

This is a standard way to backup iOS device data. It requires iTunes to be installed on the machine where Belkasoft X is running, as well as an unlocked device or a valid lockdown file.

Since encrypted iTunes backup contains more data, Belkasoft X automatically turns on encryption if no password is set in iTunes.

Supported iOS versions: any (including iOS 15)

Checm8

checkm8-based acquisition

Belkasoft X supports forensically sound, jailbreak-free extraction of selected iOS devices via a hard-coded, unpatchable exploit called 'checkm8'. Compatible devices include the range of iPhone and iPad devices powered by Apple's A7 through A11 SoC (iPhone 5s through iPhone X and corresponding iPad models). Full file system and keychain can be acquired using this method.

Supported iOS versions: 12.0 to 15.5

Agent-based_acquisition

Agent-based acquisition

Agent-based method is another approach to acquire an iPhone or an iPad without jailbreak. The acquired image contains full file system copy and keychain, similarly to checkm8 or jailbroken device image.

However, unlike checkm8, it works on a broader range of devices and iOS versions, including iPhone XS/XS Max, iPhone XR, iPhone 11/Pro/Pro Max, iPhone 12/12 mini/12 Pro/12 Pro MAX, iPhone SE (2nd gen), iPad Air (3rd gen) and iPad Pro (3rd gen) and others.

Supported iOS versions: iOS 10.3.3 to iOS 14.3 (full file system and keychain)

Jailbroken

Support for the latest jailbreaks

Belkasoft X supports the latest jailbreaks like checkra1n, odyssey, unc0ver and others. In some cases, jailbreaking is the only method to extract important data from a device under investigation. With Belkasoft X it is possible to acquire a full file system as well as keychain from jailbroken iOS devices.

Supported iOS versions: Any, if a jailbreak was successfully installed

Media

iOS crash log extraction

Belkasoft X can extract iOS crash logs as a separate type of acquisition. You do not need to jailbreak your device; it is sufficient to have a passcode or a valid lockdown file of the device.

Supported iOS versions: Any

LOG

Media files copy via AFC protocol

This acquisition type is based on AFC (Apple File Conduit), an Apple's proprietary protocol for media files transfer from an iOS device to a host computer. This type of acquisition allows copying pictures, audio and video files. It requires iTunes to be installed on the machine where Belkasoft X is running.

Supported iOS versions: Any

Screen Capture

Screen capturing

With the help of this method, Belkasoft X has the ability to capture screenshots of various popular applications installed on a device. You can take screenshots of chat threads and call lists.

ANDROID ACQUISITION METHODS

ADBBackup

ADB backup acquisition

A standard ADB backup is built in the Android operating system and available on any Android device. Belkasoft X supports this kind of acquisition for a vast majority of Android-based devices.

Android Filesystem Copy

Logical and physical acquisition of rooted Android devices

With Belkasoft X you can acquire both physical and logical image of an Android device where administrative rights are obtained ('rooted device'). Logical image, which is a full file system copy, is useful when your device has built-in encryption and physical image has no sense.

iTunes

Agent-based acquisition

This acquisition method uses a special application ('agent'), installed by Belkasoft X to a device. The agent helps transferring data from the device to Belkasoft X. The range of data depends on a chipset vendor.

Upon the acquisition the agent will be automatically uninstalled by Belkasoft X.

MTK

Support for MTK-based devices

Belkasoft X has a specific support for acquisition from devices powered by MediaTek. A number of acquisition methods supported, each of them has its own requirements and range of acquired data (logical file system image, physical dump, particular types of applications).

The wide variety of MTK-based devices and MTK chipsets is supported, including popular smartphones—such as LG, HTC, Sony Experia and others, as well as exotic devices—Gionee, Oppo and Umidigi.

Find out which MTK-based devices are supported

Qualcomm

Support for Qualcomm-based devices

Belkasoft X allows you to acquire a physical image from a vast amount of different mobile device models running on Qualcomm Snapdragon SoC. This method is based on an emergency download mode (EDL).

The list of supported devices includes more than 250 smartphone models, including various models of Samsung, Xiaomi, Meizu, ZTE, Vivo and others.

Find out which Qualcomm-based devices are supported

Qualcomm

Support for Spreadtrum-based devices

Belkasoft X also allows you to acquire a physical image of a vast amount of different mobile device models running on a Spreadtrum chipset.

The method supports almost 90 phone models, including various models of Archos, ARK, BLU, Intex, Micromax and others.

Find out which Spreadtrum-based devices are supported

APK Downgrade

APK downgrade method

This method allows a user to install an older version of an applications to a device, which allows for the extraction of data from applications that have removed the possibility of backing up their data into the standard ADB backup. Upon the acquisition completion, the original versions of applications will be restored, even if the acquisition completed incorrectly.

Belkasoft X supports downgrade of multiple applications including Facebook Messenger, Instagram, KakaoTalk, Opera, Signal, Skype, Telegram, Twitter, Viber, WeChat, WhatsApp, Zello and others.

Media

Media files copy via MTP/PTP protocols

This acquisition method uses Media Transfer Protocol / Picture Transfer Protocol and allows copying pictures, audio and video files from a device to a computer.

Advanced ADB Acquisition

Advanced ADB acquisition

This acquisition method is a combination of all available methods powered by ADB into a single task. It first starts with an agent-based acquisition, then runs an APK downgrade followed by full ADB backup creation, then data from Shared Folder is copied.

Automated Screen Capture

Automated screen capturing

With the help of this method, Belkasoft X has the ability to capture screenshots of various popular applications installed on a device. You can take screenshots of chat threads and call lists. Handy options allow you to set maximum number of pages to capture, which helps when working with large volumes of chat or call data. You can also specify directions for the scrolling, whether up or down.

See also

Why Belkasoft should be your tool of choice for mobile forensics

[Infographics] Mobile forensics with Belkasoft X

[Free On-demand –°ourse] Mobile Forensics with Belkasoft X

Why use Belkasoft X?

Combines mobile, computer and cloud forensics in a single tool

Helps acquiring data even in complex setups

Analyzes 1500+ types of artifacts out of the box

Belkasoft X is easy to use!

Allows for advanced low-level analysis

Much more cost-effective

Shows the entire picture thanks to high-level analysis

Quick to complete data extraction and parsing

What's next?

TRY

Free trial

Start free trial of Belkasoft Evidence Center X and experience its ease of use and reliability along with the cutting-edge digital forensics capabilities.

Start free trial

CONTACT

NEED ADVICE?

Talk to an expert who can help you to identify the Belkasoft configuration you need and answer your questions.

Talk to us