What's New in Belkasoft Evidence Center 2020 Version 9.9

Belkasoft Evidence Center 2020 v.9.9 (or, in short, BEC) is an all-in-one forensic solution, combining mobile and computer forensics as well as memory, cloud and remote forensics, and incident investigations in a single tool. Given its affordable price, it is one of the best choices among other available products on the market.

The version 9.9 of Belkasoft Evidence Center mostly focuses on three major improvements: checkm8-based full file system acquisition of iOS devices, correctness of analysis of GrayKey images and zip containers in general, and carving performance. With v.9.9 you can robustly analyze all zip-based data sources. The speed of artifact and file carving is now as quick as never before.

Sign up for a webinar on BEC v.9.9!

Download Free Request a quote

Download quote

Upgrading to version 9.9 is free to all customers with a non-expired Extended Software Maintenance and Support contract. Customers without a current contract can purchase it from the Customer Portal. Affordable training with optional certification is available.

More on new features

Mobile Forensics

checkm8-based acquisition of the full file system supported
Keychain extraction from jailbroken iOS devices or whilst checkm8-based acquisition
iOS Signal chat app decryption
GrayKey images analysis massively improved and accelerated
Full file system extraction based on agent approach without jailbreak on iOS 10 to 13.4.1 and wide range of iOS devices
ADB-based Android device acquisition improved
Agent-based Android device acquisition improved
Android apps supported or updated
- Android OneDrive support updated to v. 5.40.4
- Android Google Docs supported
- Android Google Maps improved
- Android Google Translate supported
iOS apps supported or updated
- iOS Yahoo Mail app improved
- Text extraction improved for iOS Evernote app
- Attachments for iOS Evernote now extracted properly
- Contacts extracted from Facebook profiles when analyzing iTunes backup
- iOS Hangouts messenger supported (including geolocation data extraction)

Computer Forensics

Carving performance is significantly improved
Zip-based data sources analysis is massively improved
Carved data is no more stored in database what will also save significant amount of space for every case
Virus Total analysis fixed
Analysis of Puffin browser for Windows improved
LNK files analysis improvements continued
LNK carving and analysis of carved LNK files is significantly improved
Reports are improved for LNK artifacts
Folder names are extracted for mailboxes of Mail 163 Windows app
Windows OneDrive app support updated
Issues when creating Key dictionary for password bruteforce are fixed
Hex is now displayed for Jumplists and LNK files
Incorrect filter criteria by 'has embedded files' for Documents fixed

Incident Investigation

OpenSavePdl artifacts cleared up
Author field extraction fixed for Scheduled Tasks artifacts
Prefetch files, Shim cache and Windows Power Shell artifacts presented better
Origin path for Prefetch files filled
Data from the future extracted for Scheduled Tasks artifacts—fixed
Windows RDP-Related Events Log analysis supported

Remote Acquisition

Deployment via GPO is available again. Now there are three deployment types: local (using thumbdrive or network share), via WMI, via GPO
Remote agent stability improved when Server and Agent are of different versions

SQLite Viewer

Carved SQLite unallocated data now always shown on the corresponding page inside SQLite Viewer (it was blank in some circumstances before)
SQLite loading made quicker for switching between different artifacts in artifact list
Report creation from SQLite Viewer fixed
WAL records count properly shown at the bottom of each SQLite Table

Other Improvements

Windows Google Drive data extraction improved. Offset is now shown for Google Drive artifacts. Hex now properly highlights them
Video keyframe analysis for faces, skin etc improved
Length extraction improved for OneDrive artifacts on Windows
Google Consent Page fixed for Google Drive and Gmail cloud downloading
Incorrect count for pictures in Overview when key frames are presented—fixed
The "Copy files" option doesn't work for videos from Overview—fixed
Search terms from cases made with previous BEC version are not displayed on Search Result tab—fixed

Download Free Request a quote

Download quote

Articles

5 bloopers of a digital forensic investigator

Digital Forensics Survey 2021: Results

This report presents the combined results of the Digital Forensics Survey conducted by Belkasoft in 2021. Feedback from 200+ digital forensics investigators from all over the world whom we surveyed helped us identify the latest trends around ... Read more

Subscribe to our Newsletter