Belkasoft Evidence Center X (Belkasoft X), is Belkasoft's new flagship product for digital forensics and incident investigations.

Version 1.8 of Belkasoft X features massive improvements in the Android APK downgrade method, Android SD card acquisition support, two-factor authentication support for iCloud download, the possibility to re-attach a data source (including portable cases), crypt14 decryption for WhatsApp, a number of performance and stability improvements as well as new and updated mobile and computer artifacts for Android, iOS, macOS and Windows.

Upgrading from previous versions of Belkasoft X to version 1.8 is free to all customers with a non-expired Software Maintenance and Support (SMS) contract. Customers without a current contract can purchase it from the Customer Portal.

Customers with a valid Belkasoft Evidence Center (version 9.9 and below) SMS, can upgrade with discounts: please contact sales@belkasoft.com for your upgrade quote. Do not forget that BEC support expires Nov 1, 2021.

You can also purchase affordable training with optional certification. A new on-demand training course has recently been made available.

More on new features

Mobile acquisition

• Android APK downgrade method was massively improved
  • You can select one or more particular applications to acquire, using check boxes. Other applications data will not be acquired
  • More apps were supported for downgrade: Facebook, Line, Dolphin, Yandex Mail, TamTam
  • Particular apps downgrades were improved: Twitter, Zello, Odnoklassniki
  • Only apps installed on a particular device are shown (before the product was showing all software supported apps)
  • A number of stability improvements were made with the reinstallation of apps after the acquisition and restoring app in the case of acquisition failure
• Acquisition of Android SD card is now supported via ADB backup and APK downgrade methods (previously, the only method capable to copy an SD card was via physical acquisition of a rooted Android device)
• Generic agent-based Android acquisition improved
  • A number stability improvements were made
  • Bluetooth connections extraction added
• MTK agent-based acquisition improved in detection of a device

Cloud forensics

• iCloud downloader: Two factor authentication via SMS is now supported
• iCloud Notes acquisition improved
• Gmail cloud data acquisitions are now more robust

Computer forensics

• ext2/ext3 file system parsing was improved

User interface

• It is now possible to re-attach a data source. A popular customer request: to allow the mounting of an image or a drive again. For example, within Evidence Reader (a Belkasoft portable case) or in Belkasoft X in the case a drive letter for the data source (or for an image) was changed
• Performance of artifact profile search was enhanced
• User interface responsiveness improved for situations when multiple tasks are running simultaneously

New and updated artifacts

• Android
  • crypt14 decryption is now supported for Android WhatsApp databases
  • Foursquare (updated)
  • Pinterest (updated)
  • Slack (updated)
• iOS
  • GroupMe app is now supported
  • Calendar (updated)
  • Skout iOS (updated)
  • Slack (updated)
  • Snapchat (updated)
  • Telegram (updated)
• macOS
  • Chrome (updated)
  • Contacts (updated)
  • QQ browser (updated)
• Windows
  • Slack (updated)
  • Windows Mail (updated)

Issues fixed

• Fixed: Text detection not working on some pictures downloaded from the cloud
• Fixed: User interface irresponsive during language switch
• Improved: Performance of Report settings dialog for the Search Result list
• Fixed: Unable to cancel 'Allow USB Debugging' on an Android device during acquisition
• Fixed: Behavior of default columns on the Report Settings window
• Fixed: Column sorting settings
• Fixed: Option "Face detection mode" does not respect user selection
• Dozens of other issues fixed