What's New in Belkasoft Evidence Center 2020 Version 9.9
Belkasoft Evidence Center 2020 v.9.9 (or, in short, BEC)
is an all-in-one forensic solution, combining mobile and
computer forensics as well as memory, cloud and remote forensics, and incident
investigations in a single tool. Given its affordable price, it is one of
the best choices among other available products on the market.
The version 9.9 of Belkasoft Evidence Center mostly focuses on three major
improvements: checkm8-based full file system acquisition of iOS devices,
correctness of analysis of GrayKey images and zip containers
in general, and carving performance. With v.9.9 you can robustly analyze all zip-based
data sources. The speed of artifact and file carving is now as quick as never
before.
Sign up for a webinar
on BEC v.9.9!
Upgrading to version 9.9 is free to all customers with a non-expired Extended
Software Maintenance and Support contract. Customers without a current contract
can purchase it from the Customer Portal.
Affordable training with optional certification is available.
More on new features
Mobile Forensics
- checkm8-based acquisition of the full file system supported
- Keychain extraction from jailbroken iOS devices or whilst checkm8-based acquisition
- iOS Signal chat app decryption
- GrayKey images analysis massively improved and accelerated
- Full file system extraction based on agent approach without jailbreak on iOS 10 to 13.4.1 and wide range of iOS devices
- ADB-based Android device acquisition improved
- Agent-based Android device acquisition improved
- Android apps supported or updated
- Android OneDrive support updated to v. 5.40.4
- Android Google Docs supported
- Android Google Maps improved
- Android Google Translate supported
- iOS apps supported or updated
- iOS Yahoo Mail app improved
- Text extraction improved for iOS Evernote app
- Attachments for iOS Evernote now extracted properly
- Contacts extracted from Facebook profiles when analyzing iTunes backup
- iOS Hangouts messenger supported (including geolocation data extraction)
Computer Forensics
- Carving performance is significantly improved
- Zip-based data sources analysis is massively improved
- Carved data is no more stored in database what will also save
significant amount of space for every case
- Virus Total analysis fixed
- Analysis of Puffin browser for Windows improved
- LNK files analysis improvements continued
- LNK carving and analysis of carved LNK files is significantly
improved
- Reports are improved for LNK artifacts
- Folder names are extracted for mailboxes of Mail 163 Windows
app
- Windows OneDrive app support updated
- Issues when creating Key dictionary for password bruteforce
are fixed
- Hex is now displayed for Jumplists and LNK files
- Incorrect filter criteria by 'has embedded files' for Documents
fixed
Incident Investigation
- OpenSavePdl artifacts cleared up
- Author field extraction fixed for Scheduled Tasks artifacts
- Prefetch files, Shim cache and Windows Power Shell
artifacts presented better
- Origin path for Prefetch files filled
- Data from the future extracted for Scheduled Tasks
artifacts—fixed
- Windows RDP-Related Events Log analysis supported
Remote Acquisition
- Deployment via GPO is available again. Now there are three
deployment types: local (using thumbdrive or network share), via WMI,
via GPO
- Remote agent stability improved when Server and Agent are of different
versions
SQLite Viewer
- Carved SQLite unallocated data now always shown on the
corresponding page inside SQLite Viewer (it was blank in some
circumstances before)
- SQLite loading made quicker for switching between different
artifacts in artifact list
- Report creation from SQLite Viewer fixed
- WAL records count properly shown at the bottom of each SQLite
Table
Other Improvements
- Windows Google Drive data extraction improved. Offset is now shown
for Google Drive artifacts. Hex now properly highlights them
- Video keyframe analysis for faces, skin etc improved
- Length extraction improved for OneDrive artifacts on Windows
- Google Consent Page fixed for Google Drive and Gmail cloud
downloading
- Incorrect count for pictures in Overview when key frames are
presented—fixed
- The "Copy files" option doesn't work for videos from Overview—fixed
- Search terms from cases made with previous BEC version are not
displayed on Search Result tab—fixed
Sign up for a webinar on
new BEC v.9.9