What's new in Belkasoft X v.1.3

Belkasoft Evidence Center X or, for short, Belkasoft X, is a new flagship Belkasoft's product for digital forensics and incident investigations.

Version 1.3 of Belkasoft X is a super-release featuring mobile device acquisition updates. Among the most important updates are:

  • iOS acquisition
    • Agent-based iOS acquisition without paid Apple Developer ID
    • checkm8 now available for iOS 14.* on iPhones 8/8+/X and corresponding iPads
  • Android acquisition
    • Acquisition of Qualcomm devices using EDL mode
    • APK downgrade support

There are some other major improvements, including the long-awaited font size selection option within the user interface, additional video formats, Dropbox decryption update, more Mac system file forensics and so on.

DOWNLOAD A TRIAL
REQUEST A QUOTE

Upgrading from previous versions of Belkasoft X to version 1.3 is free to all customers with a non-expired Software Maintenance and Support contract. Customers without a current contract can purchase it from the Customer Portal. Customers with a valid Belkasoft Evidence Center SMS, can upgrade with discounts: please contact sales@belkasoft.com for your upgrade quote.

Affordable training with optional certification is available.

More on new features

The new release offers updates in various components of Belkasoft X’s digital forensics functionality, to include: mobile forensics for both Android and iOS, computer examinations, cloud forensics, new artifacts, user interface and a pack of bugfixes.

Mobile forensics

iOS acquisition

The new release offers two iOS acquisition improvements, which we did not previously offer because they are less forensically sound than others. However, due to numerous customers’ requests v.1.3 of Belkasoft X will support both:

  • Agent-based iOS acquisition without paid Apple Developer ID. Many customers, especially within the government sector, raised concerns regarding issues with purchasing an Apple Developer ID. Without the Apple Developer ID, they were unable to successfully utilize Belkasoft’s agent-based acquisition. Now, Belkasoft offers the possibility to acquire FFS with the Belkasoft agent without the paid Developer ID.

    What makes this acquisition method less forensically sound?

    With this acquisition method, you must connect the device being acquired to the Internet. This release now gives customers multiple acquisition options: either purchase a paid Apple Developer ID and allow Internet access only on your investigative forensic machine, or use a free Apple Developer ID and allow an Internet connection to the device being acquired.

  • checkm8 on iOS 14.* from iPhone 8/8+/X and corresponding iPads. The new Belka X release allows you to acquire full file system and keychain from iPhone models 8, 8+ and X, an option not previously supported because these models required you to first remove the passcode.

The earlier versions of Belkasoft X offered checkm8 full file system and keychain acquisition, agent-based acquisition, iTunes backups (even on locked phones), lifting USB Restricted Mode, MTP/PTP acquisition and support for imaging of jailbroken phones including latest versions of checkra1n, odyssey and unc0ver.

Android acquisition

  • Acquisition of Qualcomm devices using EDL mode. Belkasoft X version 1.3 allows you to acquire a physical image from a vast amount of different mobile device models running on Qualcomm Snapdragon SoC.
    The list of 250+ supported devices (click to expand):
    • Asus Zenfone 4 Pro (Z01GD)
    • Asus ZenFone 4 ZE554KL
    • Asus Zenfone 5 ZE620KL
    • Asus Zenfone Max Pro M1
    • Asus Zenfone Max Pro M2
    • Asus ZenFone 4 ZE554KL
    • Asus ZenFone 5Z
    • Asus ROG Phone (2.96 GHz)
    • Asus ZenFone 3 Deluxe (5.7" 64GB) (ZS570KL)
    • Asus ZenFone 3 Deluxe (5.7" 256GB) (ZS570KL)
    • Asus Zenfone AR
    • Asus Zenfone Ares (2018)
    • Asus ZenFone 3 (5.2") (ZE520KL)
    • Asus ZenFone 3 (5.5") (ZE552KL)
    • Asus ZenFone 3 Deluxe (5.5") (ZS550KL)
    • Asus ZenFone 3 Zoom/ZenFone Zoom S (ZE553KL)
    • Asus Zenfone 4 Selfie Pro (ZD552KL)
    • Asus ZenFone 3 Laser
    • Asus ZenFone 3 Max ZC553KL
    • Asus Zenfone 2 Laser ZE500KL
    • Asus Zenfone Max ZC550KL
    • Asus ZenFone 5 Lite
    • Lenovo K9 Note
    • Lenovo K5 Pro
    • Lenovo S5 Pro
    • Lenovo Z5
    • Lenovo S5 Pro GT
    • Lenovo Z5s
    • Lenovo Z5 Pro
    • Lenovo Z6 SE/Z6 Lite/Youth
    • Lenovo Phab 2 Pro
    • Lenovo K9 Plus
    • Lenovo P2
    • Lenovo S5
    • Lenovo K6
    • Lenovo K6 Note
    • Lenovo K6 Power
    • Lenovo A805e
    • Lenovo Sisley S90
    • Lenovo Vibe Z2
    • Lenovo A6000
    • Lenovo Vibe X3
    • LG G4
    • LG V10
    • LG X mach/X fast
    • Meizu E3
    • Meizu 15
    • Meizu 16X
    • Meizu X8
    • Meizu 16
    • Meizu 16 Plus
    • Meizu Zero
    • Meizu 15 Lite/Meizu M15
    • Meizu M6 Note
    • Meizu Note 8
    • Motorola Moto Z3
    • Motorola Moto X4
    • Motorola Moto G6 Plus
    • Motorola Moto G7 Plus
    • Motorola Moto Z3 Play
    • Motorola One Power/P30 Note
    • Motorola P30
    • Motorola Moto Z
    • Motorola Moto Z Force
    • Motorola Moto G5 Plus
    • Motorola Moto G5S Plus
    • Motorola Moto Z Play
    • Motorola Moto Z2 Play
    • Motorola One
    • Motorola Moto G4
    • Motorola Moto G4 Plus
    • Motorola Moto G5
    • Motorola Moto G6 Play
    • Motorola Moto E5 Plus (India and China)
    • Motorola Moto E5 Plus
    • Motorola Moto E4 (USA)
    • Motorola Moto E5 Play
    • Motorola Moto G6 Play
    • Motorola Moto Z2 Force
    • Nokia 8
    • Nokia 8 Sirocco
    • Nokia 6.1
    • Nokia 7
    • Nokia 6.1 Plus/X6
    • Nokia 7.1
    • Nokia 6.2
    • Nokia X71
    • Nokia 7 Plus
    • Nokia 7.2
    • Nokia 9 PureView
    • Nokia 5
    • Nokia 6
    • Nokia 2.1
    • Nokia 8110 4G
    • Nokia 2720 Flip
    • Nokia 800 tough
    • Nokia 2
    • Nokia X2
    • Nokia X7/8.1/7.1 Plus
    • OnePlus 5
    • OnePlus 5T
    • OnePlus 6
    • OnePlus 6T
    • OnePlus 6T McLaren Edition
    • OPPO R11
    • OPPO R11 Plus
    • OPPO R11s
    • OPPO R11s Plus
    • OPPO R15 Pro
    • OPPO R15 Dream Mirror
    • OPPO K1 (64GB only, 128GB model is the R15x)
    • OPPO R17 Neo/RX17 Neo
    • OPPO F3 Plus
    • OPPO R9 Plus
    • OPPO R9s Plus
    • OPPO R9s
    • OPPO A57
    • Samsung Galaxy S8 (USA/Canada/China/Hong Kong/Japan)
    • Samsung Galaxy S8+ (USA/Canada/China/Hong Kong/Japan)
    • Samsung Galaxy S8 Active (AT&T USA)
    • Samsung Galaxy Note 8 (USA/Canada/China/Hong Kong/Japan)
    • Samsung Galaxy Tab S4
    • Samsung W2018
    • Samsung Galaxy S7 (SM-G9300/A/P/T/U/V)
    • Samsung Galaxy S7 Edge (SM-G9350/A/P/T/U/V)
    • Samsung Galaxy S7 Active (SM-G891A)
    • Samsung Galaxy Note 7 (SM-N9300)
    • Samsung Galaxy Tab S3
    • Samsung W2017
    • Samsung Galaxy Note FE (SM-N9350)
    • Sharp Aquos C10
    • Sharp Aquos D10
    • Sharp Aquos S2 64GB
    • Sharp Aquos S3
    • Sharp Aquos S3 Mini
    • Sharp Aquos Sense Plus
    • Sharp Aquos S2 128GB
    • Sharp Aquos S3 128GB
    • Sharp Aquos R Compact
    • Vivo Z1i
    • Vivo V9 6GB (Indonesia)
    • Vivo V11 Pro
    • Vivo X20
    • Vivo X20 Plus
    • Vivo X20 Plus UD
    • Vivo X21
    • Vivo X21 UD
    • Vivo X21s
    • Vivo Z1
    • Vivo X23 Symphony
    • Vivo Nex A
    • Vivo Nex A UD
    • Vivo X27 (256GB)
    • Vivo X27 Pro
    • Vivo Z3 (6GB RAM)
    • Vivo Z5x
    • Vivo Nex S
    • Vivo iQOO Neo
    • Vivo Xplay 5
    • Vivo Xplay 5 Elite
    • Vivo Xplay 6
    • Vivo V3 Max
    • Vivo X6s
    • Vivo X6s Plus
    • Vivo X7
    • Vivo X7 Plus
    • Vivo X9 Plus
    • Vivo X9s
    • Vivo X9s Plus
    • Vivo V5 Plus
    • Vivo V9
    • Vivo X9
    • Vivo Y79
    • Vivo Y53
    • Vivo Y66
    • Vivo Y93
    • Vivo Y95
    • Vivo U1
    • Vivo Y3
    • Xiaomi Mi 6
    • Xiaomi Mi MIX 2
    • Xiaomi Redmi Note 5/Redmi Note 5 Pro
    • Xiaomi Redmi Note 5 AI Dual Camera
    • Xiaomi Redmi Note 6 Pro
    • Xiaomi Mi Max 3
    • Xiaomi Mi Note 3
    • Xiaomi Mi 8 Lite/Mi 8 Youth
    • Xiaomi Mi A2/Mi 6X
    • Xiaomi Mi Pad 4
    • Xiaomi Mi Pad 4 Plus
    • Xiaomi Redmi Note 7 India
    • Xiaomi Redmi Note 7 International/7S
    • Xiaomi Mi CC9 (Mi 9 Lite)
    • Xiaomi Mi CC9 Meitu Edition
    • Xiaomi Mi 8 SE
    • Xiaomi Mi MIX 2S
    • Xiaomi Mi MIX 3
    • Xiaomi Pocophone F1
    • Xiaomi Mi 8
    • Xiaomi Mi 8 Explorer Edition
    • Xiaomi Mi 8 Pro/Mi 8 Screen Fingerprint Edition
    • Xiaomi Black Shark
    • Xiaomi Black Shark Helo
    • Xiaomi Mi 5 32GB
    • Xiaomi Mi 5s Plus
    • Xiaomi Mi Note 2
    • Xiaomi Mi MIX
    • Xiaomi Mi 5 64GB/128GB
    • Xiaomi Mi 5s
    • Xiaomi Mi Note Pro
    • Xiaomi Mi 4c
    • Xiaomi Mi 4s
    • Xiaomi Mi Max (16GB/32GB)
    • Xiaomi Mi Max (64GB/128GB)
    • Xiaomi Mi 5X/Mi A1
    • Xiaomi Mi A2 Lite/Redmi 6 Pro
    • Xiaomi Mi Max 2
    • Xiaomi Redmi 4 Prime
    • Xiaomi Redmi 5 Plus/Redmi Note 5
    • Xiaomi Redmi Note 4
    • Xiaomi Redmi Note 4X (32GB)
    • Xiaomi Redmi S2/Redmi Y2
    • Xiaomi Redmi 4 (India)
    • Xiaomi Redmi Y1 (India)
    • Xiaomi Redmi 4X
    • Xiaomi Redmi Note 5A Pro
    • Xiaomi Redmi 3S
    • Xiaomi Redmi 4 (China)
    • Xiaomi Redmi 4A
    • Xiaomi Redmi 5A
    • Xiaomi Redmi Note 5A
    • Xiaomi Redmi Y1 Lite
    • Xiaomi Redmi Go
    • ZTE Nubia Z17
    • ZTE Nubia Z17S
    • ZTE Nubia Red Magi
    • ZTE Axon 7s
    • ZTE Axon M
    • ZTE Axon 7
    • ZTE Nubia Z11
    • ZTE Axon & Axon Pro & Axon Lux & Axon Elite
    • ZTE Nubia Z9 Max & Max Elite
    • ZTE Nubia Z9
    • ZTE Nubia Z9 Elite
    • ZTE Nubia Z9 Exclusive
    • ZTE Nubia Z11 Max
    • ZTE Nubia Z17 mini
    • ZTE Axon 7 MAX
    • ZTE Axon Max 2
    • ZTE Blade Max 3
    • ZTE Blade V8 Pro
    • ZTE Nubia M2
    • ZTE Nubia N3
    • ZTE Nubia V18
    • ZTE Nubia Z11s mini
    • ZTE Zmax Pro
  • APK downgrade support. This feature allows the user to downgrade applications on a device, which will allow for the extraction from applications that have removed the possibility of backing up their data. Examples of these applications include: Facebook Messenger, Instagram, KakaoTalk, Opera, Signal, Skype, Telegram, Twitter, Viber, WeChat, WhatsApp, Zello and others.

Computer forensics

Though the main emphasis of the Belka X v.1.3 release focused on mobile forensics, there are multiple important improvements in computer forensics, too:

  • Better support for Tableau images. Though Belkasoft has supported E01/Ex01/L01/Lx01 for years, there are some peculiarities of Tableau implementation of images in these formats. With the increase use of Tableau imagers, more customers noticed that some dumps made by Tableau are not parsed correctly in Belkasoft X. We thoroughly tested the new release on multiple examples and made necessary adjustments to fully support all Tableau specifics.
  • Chrome password decoding for domain user accounts. Not only can local users’ Chrome passwords be decrypted, but this also now works for Windows domain users as well.
  • Support MOD and MTS video formats. We have recently received requests to include these formats into Belkasoft’s video search and to support playback of these files. This functionality now exists in v.1.3.
  • More macOS artifacts supported. In v.1.3 Belkasoft X allows users to extract and analyze macOS autoruns as well as macOS users (both existing and deleted).

Cloud forensics

The new release now supports two-factor authorization for Google Cloud acquisition.

User interface improvements

  • Font size selection. Surprisingly, one of the most frequent customer requests was to be able to customize the product’s font size. Though not easy to implement, this possibility was added to the product options. Now you can set a custom font scale from 50% to 150% depending on your display settings and system font size. This is the second feature—along with the Dark theme—to reduce stress on your eyes. Belkasoft cares about your health!
  • Custom reporting language. Another long-awaited feature brought to life by Belkasoft. While it would take significant effort to translate the entire product into another language, most of our customers can operate Belkasoft X in English and only need the report in their respective language. With v.1.3 you can now specify the report be prepared in a desired language, even if working with the product in English. This capability significantly reduces the effort required to prepare corresponding translation. We are looking for volunteers to help us with such translation creation and proofreading.
  • Improved Map visual hints. Now, tooltips for geolocation points and clusters on the Map window include a preview for points originated from pictures and contain a handy link to the selected artifact in the Artifacts window.


    Tooltip shows a photo preview and offers a link to the artifact on the Structure pane of the Artifacts window

  • Showing filtered data on Map. Another improvement is that if a user filters data in the Geolocation node, only filtered data will be shown on the Map window (before, all data was shown).
  • Media player designed to automatically determine a media type. Some media formats may contain both video and audio, or just audio. It is not possible to quickly determine if such a file is a pure audio file or not; thus even audio-only files can be placed under our Video node. With Belkasoft X’s built-in media player, such a file will be automatically recognized as a video or audio file. For audio-only, the player will not show the video control.
  • Spanish language. Belkasoft X is now available in Spanish. Hola, ¿qué tal?
  • Product window positions are remembered between Belkasoft X sessions. This is especially important if you work with multiple monitors.

Other improvements

  • Fixed: Scrolling in Hex Viewer does not work properly.
  • Fixed: Incorrect localization in Search properties fixed.
  • Fixed: Timeline tab offers zoom to range of one hour, but it does not work.
  • Fixed: Odnoklassniki analyzer fails if found inside a DD image.
  • Fixed: Errors in Plist data parsing for Apple Mail/Google Maps/Safari apps located inside an encrypted iTunes backup.
  • A few dozens of other issues fixed.

DOWNLOAD A TRIAL
REQUEST A QUOTE