In this blog post we will discuss the newest Belkasoft T, a DFIR tool developed specifically for quick triage of a live Windows computer.
Most of you are aware that digital forensic triage is very helpful when you need to quickly prioritize digital evidence.
Belkasoft Triage (or Belkasoft T) is designed to assist you with this task. When you, an investigator or a first responder, are at a crime or incident scene and need to quickly identify and obtain specific digital evidence stored on a Windows machine, Belkasoft T comes in handy. The product is useful under time pressure: instead of performing an in-depth analysis of all the digital evidence you may have, it quickly detects what kind of information is stored on a device and allows you to partially copy it for subsequent deeper investigation.
To achieve your goals, you may use the following Belkasoft T features:
- The ability to launch Belkasoft Triage right from a dongle connected to the device being investigated. No installation on the live computer is required: the product is portable and can be quickly configured for out-of-the-box use right at the incident scene.
- Detection of 1500+ computer, mobile and cloud artifact types: mails, chats, browsers, system settings, and more.
- Automated acquisition of a computer RAM dump. It is very important not to forget to extract memory from a live computer, because volatile data is not stored anywhere else; that is why Belkasoft T will remind you to acquire it as the first step.
- Detection of virtual machines, memory files and mobile backups.
- Detection of skin tone in the discovered pictures. With Belkasoft T, you will be able to quickly identify all the potential CSAM pictures.
- Hashset search, which complements the previous feature. You will appreciate the popup shown immediately when a file with a known hash is detected.
- The ability to stop the analysis at any time once you have enough information. If you realize that the required evidence has already been found, you can immediately proceed to the data export.
- Partial or full export of discovered profiles.
- A standard format for the exported image: the results of Belkasoft T can be further analyzed with Belkasoft X as well as similar digital forensic tools.
The Belkasoft team sincerely hopes that the new product will facilitate your in-the-field investigations.
Learn more about Belkasoft T at https://belkasoft.com/triage