What's new in Belkasoft X v.1.8 June, 29, 2021

Belkasoft Evidence Center X (Belkasoft X), is Belkasoft's new flagship product for digital forensics and incident investigations.

Version 1.8 of Belkasoft X features massive improvements in the Android APK downgrade method, Android SD card acquisition support, two-factor authentication support for iCloud download, the possibility to re-attach a data source (including portable cases), crypt14 decryption for WhatsApp, a number of performance and stability improvements as well as new and updated mobile and computer artifacts for Android, iOS, macOS and Windows.

Upgrading from previous versions of Belkasoft X to version 1.8 is free to all customers with a non-expired Software Maintenance and Support (SMS) contract. Customers without a current contract can purchase it from the Customer Portal.

Customers with a valid Belkasoft Evidence Center (version 9.9 and below) SMS, can upgrade with discounts: please contact sales@belkasoft.com for your upgrade quote. Do not forget that BEC support expires Nov 1, 2021.

You can also purchase affordable training with optional certification. A new on-demand training course has recently been made available.

More on new features

Mobile acquisition

  • Android APK downgrade method was massively improved
    • You can select one or more particular applications to acquire, using check boxes. Other applications data will not be acquired
    • More apps were supported for downgrade: Facebook, Line, Dolphin, Yandex Mail, TamTam
    • Particular apps downgrades were improved: Twitter, Zello, Odnoklassniki
    • Only apps installed on a particular device are shown (before the product was showing all software supported apps)
    • A number of stability improvements were made with the reinstallation of apps after the acquisition and restoring app in the case of acquisition failure
  • Acquisition of Android SD card is now supported via ADB backup and APK downgrade methods (previously, the only method capable to copy an SD card was via physical acquisition of a rooted Android device)
  • Generic agent-based Android acquisition improved
    • A number stability improvements were made
    • Bluetooth connections extraction added
  • MTK agent-based acquisition improved in detection of a device

Cloud forensics

  • iCloud downloader: Two factor authentication via SMS is now supported
  • iCloud Notes acquisition improved
  • Gmail cloud data acquisitions are now more robust

Computer forensics

  • ext2/ext3 file system parsing was improved

User interface

  • It is now possible to re-attach a data source. A popular customer request: to allow the mounting of an image or a drive again. For example, within Evidence Reader (a Belkasoft portable case) or in Belkasoft X in the case a drive letter for the data source (or for an image) was changed
  • Performance of artifact profile search was enhanced
  • User interface responsiveness improved for situations when multiple tasks are running simultaneously

New and updated artifacts

  • Android
    • crypt14 decryption is now supported for Android WhatsApp databases
    • Foursquare (updated)
    • Pinterest (updated)
    • Slack (updated)
  • iOS
    • GroupMe app is now supported
    • Calendar (updated)
    • Skout iOS (updated)
    • Slack (updated)
    • Snapchat (updated)
    • Telegram (updated)
  • macOS
    • Chrome (updated)
    • Contacts (updated)
    • QQ browser (updated)
  • Windows
    • Slack (updated)
    • Windows Mail (updated)

Issues fixed

  • Fixed: Text detection not working on some pictures downloaded from the cloud
  • Fixed: User interface irresponsive during language switch
  • Improved: Performance of Report settings dialog for the Search Result list
  • Fixed: Unable to cancel 'Allow USB Debugging' on an Android device during acquisition
  • Fixed: Behavior of default columns on the Report Settings window
  • Fixed: Column sorting settings
  • Fixed: Option "Face detection mode" does not respect user selection
  • Dozens of other issues fixed