Belkasoft Evidence Center X (Belkasoft X) is Belkasoft's flagship product for digital forensics, cyber incident response and eDiscovery.

The latest update, Belkasoft X v.1.16, features the biggest change with the addition of Drone Forensics support. This update allows for analysis of over a dozen specific drone models, as well as hundreds of compatible models.

Other improvements include:

• Agent-based iOS acquisition: support for iOS v.15.2 to v.15.3.1
• Decryption of newest versions of MIUI (Xiaomi) and HiSuite (Huawei) backups
• Mega cloud acquisition
• AVC video analysis
• Sigma rules support
• Enhanced automation: configuration tool and other improvements

Upgrading from previous versions of Belkasoft X to v.1.16 is free to all customers with an active Software Maintenance and Support (SMS) contract. Customers with SMS contracts that have expired or are near expiration, may review and renew from your Customer Portal.

An affordable training with an optional certification is also available including the on-demand options.

New features details

Drone Forensics

Belkasoft X v.1.16 allows ingesting, parsing, and analyzing of the following drone models:

• ArduPilot DIY Drone
• DJI Agras MF-1S
• DJI Matrice
• DJI Mavic
• DJI Phantom 3
• DJI Phantom 4
• DJI Spark
• Parrot Anafi
• Yuneec Typhoon Q500

You can also analyze compatible drone models.

The most important types of data supported include geolocation and tracks, pictures and videos, operator logs and tracks.

Mobile Forensics

• Agent-based iOS acquisition. In the v.1.16 the agent-based full file system acquisition is updated to support iOS v.15.2 to v.15.3.1, so that the entire range of supported iOS versions is 10.3.3 to 14.3 and 15.0 to 15.3.1
• Decryption of the latest versions of Xiaomi's MIUI backups is supported
  • The product can decrypt these backups, even if they are protected with two-factor authentication
  • Besides, you can decrypt any single BAK archive file from within the backup even without the backup manifest file
• New versions of Huawei's HiSuite backups are supported
  • HiSuite versions 10-11 supported for Windows
  • HiSuite versions 11-12 supported for macOS
• For both MIUI and HiSuite backups, older versions analysis was improved to include nested databases and files inside BAK archives

Cloud Forensics

• Downloading of the files stored on Mega.nz cloud is supported
• iTunes cloud acquisition updated

Media Forensics

• AVC video format supported: search, analysis and keyframe extraction. This feature is particularly important for drone analysis, as many drones utilize the AVC format
• A number of improvements in keyframe preview generation made
• 'Frame per second' keyframe extraction setting now works as expected

Enhanced Automation

Automation attracted the attention of many customers, who requested more and better capabilities for their needs. Another batch of updates were made, including:

• Configurator tool. Instead of editing complicated JSON options file manually, you can tune your workflow easily with a convenient user interface
• Better JSON mistakes handling. If you decide to manually fix your options file and make a mistake, the product will better diagnose the error
• We added more report formats to the command line interface

Given a high level of customer interest in this feature, we have prepared a set of articles on Belkasoft X Automation for you:

• Automation with Belkasoft X: Installation and licensing
• Automation with Belkasoft X: Acquisition and analysis
• Automation with Belkasoft X: Export for Amped FIVE
• Automation with Belkasoft X: Putting pieces together

To remind, unlike the competition, who sell automation features as a standalone product, Belkasoft offers automation free and seamlessly integrated into Belkasoft X!

Sigma rules support

Sigma rules are a standardized way to define detection logic for security events. They can be used in cyber incident response to automate detection and response workflows across multiple security tools and platforms. With the new version of Belkasoft X, users can browse and detect matches for Sigma rules within found event logs.

You can find more details about this feature here: Walkthrough: Sigma Rules in Belkasoft X

Other improvements

• Advanced date and time filters are now supported. Users can specify specific days of the week to be included in the filters, as well as time spans
• PDF reports reworked to support huge file generation (thousands of pages)
• An error with HexViewer not showing carved data—fixed
• Evidence Reader requiring administrative rights to run—fixed