- Physical Acquisition of Rooted Android Devices and More Stable ADB
Acquisition
- iTunes 10.x.x Backup Support
- Download Of iTunes Backups From iCloud For iOS 9 and Newer
- Network Licenses
- AD1 Images Support and AccessData Integration
- Chinese Translation
- New Dashboard Statistics
- New and Updated Apps
- Customer Requests Addressed
Sign up for a webinar on BEC
v.8.4!
Upgrading to version 8.4 is free to all customers with a non-expired
Extended Software Maintenance and Support contract.
File System module must be purchased
separately. Customers without a current contract can purchase it from the
Customer Portal. An affordable User Refresher
Course is also available for those who would like to catch up all recent improvements.
Physical Acquisition of Rooted Android Devices and More Stable ADB Acquisition
Belkasoft Evidence Center 2017 v.8.4 (BEC) now supports physical acquisition of
rooted Android devices. The physical image allows you to recover much
more information from mobile devices than a logical acquisition or a backup. Many times this will
include deleted data. Our free Belkasoft Acquisition
Tool is updated accordingly.
Apart from physical acquisition, v.8.4 has updated its logical acquisition, making
it more stable thanks to its improved logging and the updated acquisition
process for the newest of devices (in particular, new Samsung smartphones). And remember,
the output of this type of acquisition are standard AB files.
BEC now analyzes both types of acquired images for hundreds of
artifacts, including email, browser histories, chats and mobile apps, such as
WhatsApp, WeChat, Skype, Telegram, Snapchat and so on.
iTunes 10.x.x Encrypted Backups Support
This latest version of BEC now supports all existing versions of iTunes
backups, including encrypted backups for v.10.3. The support works the same as
it did for previous versions of iTunes: If you know or can recover a password, you
can enter it in the corresponding node within Evidence Center's interface and it will
decrypt the backup (or inform you that password is wrong). After a successful
decryption, the product will analyze the backup for artifacts we support for
Apple (which includes hundreds of formats and mobile applications).
Go to our Tutorials page, to watch a short
video on
working with encrypted iTunes backups.
Download Of iTunes Backups From iCloud For iOS 9 and Newer
The process of downloading new iOS 9 iTunes backups changed, effectively disabling
older versions of Evidence Center and BelkaImager to download Apple
backups. BEC v.8.4 solves this issue by supporting this new operating system. BelkaImager
(aka our Free Belkasoft Acquisition Tool) has also been updated accordingly.
Network Licenses
The long awaited network licensing is now supported in the new version of BEC.
This type of license is a very efficient way to use Evidence Center
in medium to large teams, and thus a great way to save those departments money. For example, say you have 20 investigators, each investigator is using 3-4
computers, and they have at their disposal multiple forensic tools, not just Belkasoft product. They won't be using Evidence Center every
second. Previous versions of BEC didn't support network dongles. You would have needed to purchase up to 20 regular
standalone dongles, this made it a pricy. Now you can purchase a single dongle
for say 10 concurrent users, and thereby dramatically saving your money.
Just plug the network dongle into any computer available to BEC users over a
local network (usually this is a computer which serves as license server
and has other dongles, from various tools, plugged in). You can choose to have 5, 10, 20 or even 50 concurrent
users. When the amount of users reaches the purchased limit, no more connections
are allowed, however, when a user closes BEC, another user may start using it.
What do you do, if you have a in-field investigation, where you LAN
is not accessible? This is also solved by BEC's new network licensing: each package
has one or more free "standalone" dongles, so it doesn't
require access to your local license server.
Interested? Request a quote at https://belkasoft.com/quote
AD1 Images Support and AccessData Integration
Previously announced, Belkasoft has recently become
a new AccessData Technology Partner, a definite quality seal on
our products. Together, we have released a new version of AccessData's Lab Web UI,
enriching it with hundreds of new apps and formats, now analyzed by AD Lab out
of the box. All this is thanks to the Belkasoft engine. We will continue our collaboration, and we are working
on the same feature for AccessData's FTK product.
Since both of AccessData's products use an AD1 image format, the new version of BEC now supports
this type of image. You can now ingest AD1 images into your case, along with E01, Ex01, L01, Lx01, AFF, UFD, CTR, DMG and
many other formats, including virtual machines, RAM, chip-off and JTAG dumps,
and analyze the lot of them using all the power of BEC.
Chinese Translation
BEC now has an up-to-date Chinese translation what enables our huge
amount of customers in China to use BEC more effectively including creation
of reports on their native language. Many thanks goes out to DataExpert, our
partner in China for the help in the translating.
Interested to receiving a quote and Chinese support? Contact us!
New Dashboard Statistics
The BEC Dashboard screen, introduced in v.8.3 received a very positive feedback from
our customers, and so we improved it even more with the v.8.4 release. New things to look fore
in this screen are:
- Predefined search results. A predefined search is made automatically
by the BEC while analyzing a data source for artifacts. Searches include
IP and MAC addresses, emails, SSN numbers, browser searches and many other
standard artifacts you usually search yourself. Since BEC now performs these searches automatically
you don't have to wait after you run corresponding
searches, saving your time and labor. Now the Dashboard conveniently shows you the result amounts for each
type of search. Click on an icon and the
results of the selected type will be shown.
- Count by item type. You can now review the number of artifacts
extracted for each particular application. Thus you can immediately observe the
most frequented apps inside your case. In the picture below, under the Artifacts Heading, is an example of how this graph will look:
New and Updated Apps
We continually work on updating the support for formats and apps which
are constantly releasing new versions. Here is the list of apps updated or newly supported in
BEC v.8.4:
All platforms, including mobile and desktop:
- Skype
- Tumblr
- Growlr
- ICQ
- Twitter
- Textie
- VK
- Gigatribe
- Chrome
- Firefox
- Performance of carved MIME mail parsing significantly improved
iOS:
- WhatsApp
- FireChat
- Geolocation data
- Contacts
- AnyDo
- Mail.Ru
- VK
- Vipole
- Twitter
- Tumblr
- TextPlus
- Textie
- Mail.Ru Agent
- Growlr
Mac OS:
- InstantBird
- Google Drive
- Evernote
- Dropbox
- Mail app
- Yahoo IM
- InstantBird
- Pidgin IM
- Document Revisions data
- Address Book
- Bluetooth configurations
- Wifi configurations
Android:
Customer Requests Addressed
Thanks to everyone who contributed to the improvement of the BEC product quality by
sharing your feedback. It tremendously helps in moving the tool forward. Among the fixes
we have done for you are:
- Very long BEC start up - caused by third-party library changed behavior.
This is now fixed. This fix is especially important for Windows 10, where the worst
performance degradation was noticed on v.8.3
- Rare crash in "Open File" dialog opening fixed (Windows 10)
- Is Deleted flag value for SQLite based artifacts fixed
- Origin path improved for many data types
- Incorrectly added default data range filter fixed
- The hang during text detection for specific TIFF files fixed
- Visualization of large number of values in mail filters fixed
- Rare Item List's columns vanishing after resize fixed
- Rare problem of incorrect sort by column and column options loss fixed
- Filter names synced with column names in item list where corresponding
filter buttons present
- Rare "Error loading value" during item list sorting fixed
- Selecting "Show in file system" context menu item now properly expands
folder tree in File System window
- Support of L01 updated: File System window now correctly processes L01/Lx01
images created by EnCase v.7
- About 200 of other improvements were made in this new release
