Belkasoft Evidence Center 2018 v.8.5 (or, in short, BEC)
is an all-in-one forensic solution, combining computer,
RAM, mobile and cloud forensics in a single tool. Given its affordable price,
it is one of the best choices among the products available on the market.
With version 8.5, BEC 2018 offers you even more value while staying at the same
affordable price. Below you will find the major features of the new release:
- More mobile acquisition and analysis features (e.g. support for
Android 7.0 and improvements in rooted Android phones physical acquisition)
- A pack of enhancements in Live Memory analysis (Windows 10 memory
dumps support, process extraction and visualization)
- New malware detection capability (suspicious process
detection, checking processes with VirusTotal)
- Better support for Outlook PST and OST files, making it possible to process
multi-gigabyte mailboxes
- Support for a number of popular crypto currencies
- A lot of new and updated apps analyzed out of the box, which
expand the list of other 800+ artifact types available for analysis in the
previous release
- FTK integration: starting with version 6.3 of AccessData's Forensic
Toolkit, a Belkasoft module will be available
- Spanish and Chinese translations added, German
translation updated
Sign up for a webinar on BEC v.8.5!
Upgrading to version 8.5 is free to all customers with a non-expired Extended
Software Maintenance and Support contract. The File System module must be
purchased separately. Customers without a current contract can purchase it
from the Customer Portal.
An affordable User Refresher Course is also available for those who would
like to catch up on all recent improvements.
Mobile Acquisition And Analysis
Belkasoft is actively developing the mobile forensics part of BEC 2018. Here
are the enhancements we have made in v.8.5:
- Android ADB backup creation updated to support Android 7.0
- Root rights detection improved for Android devices (helping to perform
a physical acquisition, available since v.8.4)
- iCloud downloader updated to support latest Apple changes
- Analysis of iTunes backups nested into a virtual machine file or another
container is now started automatically
- Chip-off and JTAG dumps mounting and analysis improved
- A number of mobile apps supported and updated (see the list below in
the New/Updated Apps section)
Live RAM Analysis
- Process extraction from a Windows 10 memory dump is supported
(make sure you have switched the BelkaCarving option on)
- As with previous versions, you do not have to specify the OS type and
version number; BEC detects them automatically
- As with previous versions, memory artifacts are extracted by BEC
out of the box and shown in Overview and Case Explorer window
- Process memory can be stored to a file
Malware Detection
This is a new function in BEC 2018 that lets you automate some of the routine
work of detecting malware inside process memory. There are two options available
in this release:
- Analysis with VirusTotal. You will need an Internet connection
for this feature. BEC will upload the memory of the selected processes to
VirusTotal and get the result of the analysis: whether it is malware or not,
the malware name and the confidence level. For each result, a dedicated link
is provided with more details from VirusTotal, which you can then examine.
Note: the entire process memory is uploaded, not a hash value, since process
memory, unlike a file from a drive, is always different
- Fake system name detection. Malware often pretends to be a system
process to hide itself from a user skilled enough to review the Windows Task
Manager list of processes. For example, a frequent trick is to create scvhost.exe
instead of svchost.exe. We collected more than a thousand fake names
like that and will raise a red flag when one of these names is found inside
a memory dump
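The fake system name check described above, as an added example that is not Belkasoft's code. It generalizes from a fixed list of known fake names to a similarity test (adjacent-transposition edit distance plus digit-for-letter folding); the reference list, the sample process names and all function names are constructed for illustration.

```python
# Added example: flag process names that imitate Windows system processes.
# SYSTEM_NAMES and SAMPLE are constructed; a real reference list would be larger.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe")

# Digit-for-letter substitutions commonly used in lookalike names.
HOMOGLYPHS = str.maketrans("015", "ols")


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def find_lookalikes(process_names, max_distance=1):
    """Return (observed, imitated, reason) for names close to a system name."""
    findings = []
    for raw in process_names:
        name = raw.strip().lower()      # Windows image names are case-insensitive
        if name in SYSTEM_NAMES:
            continue                    # exact name: nothing to flag by name alone
        folded = name.translate(HOMOGLYPHS)
        if folded in SYSTEM_NAMES:
            findings.append((raw, folded, "homoglyph"))
            continue
        match = next((s for s in SYSTEM_NAMES
                      if osa_distance(name, s) <= max_distance), None)
        if match:
            findings.append((raw, match, "edit-distance"))
    return findings


# Constructed process list, as it might be extracted from a memory dump.
SAMPLE = ["svchost.exe", "scvhost.exe", "SVCHOST.EXE", "1sass.exe",
          "svch0st.exe", "chrome.exe", "notepad.exe", "cssrs.exe"]

if __name__ == "__main__":
    for finding in find_lookalikes(SAMPLE):
        print(finding)
```

A name match is only a triage signal: a process carrying the exact legitimate name but running from an unexpected path is not caught by this check, so image path and parent process still need review.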
Huge Outlook PST/OST Support
Outlook analysis is massively improved and now works even with huge mailboxes.
Nowadays it is no surprise to come across a terabyte-sized mailbox, and with 8.5
our customers will be rid of "out of memory" issues on such files.
Crypto Currencies Analysis
Crypto currencies are a hot topic now, including in forensic analysis. BEC 2018
adds support for Bitcoin and Ethereum types of crypto currencies. The following
artifacts are supported: Bitcoin, Armory, Jaxx. You can see transaction and
wallet details for these apps.
New and Updated Apps
We continually work on updating the support for formats and apps, which are
constantly releasing new versions. Here is the list of apps updated or newly
supported in BEC v.8.5:
iOS:
- Any.Do (new)
- Google Maps (new)
- Evernote (new)
- Foursquare (new)
- Richnote (new)
- TextPlus (new)
- Textie (new)
- GetTaxi (new)
Android:
- GetTaxi (new)
- Any.Do attachments extraction added
- SMS (updated)
- Twitter (updated)
- Vipole (updated)
- ooVoo (updated)
- Facebook messenger (updated)
- GMail App (updated)
Windows:
- eMule (updated)
- Vipole (updated)
- Adobe Flash (updated)
- Geolocation data extracted from all types of links
- Cookie extraction improved for Edge browser
- ICQ (updated)
A few more apps are mentioned above in the Crypto Currencies section.
AccessData Forensic Toolkit (FTK) Integration
As previously announced, Belkasoft has recently
become a new AccessData Technology Partner,
a definite quality seal on our products. Together, we have released a new version
of AccessData's Lab Web UI, enriching it with hundreds of new apps and formats,
now analyzed by AD Lab out of the box. All this is thanks to the Belkasoft engine.
We continued our collaboration, and are proud to announce that the integration
of the same feature with AccessData's FTK product is now finished, based on
release v.8.5 of BEC 2018.
In a few weeks, you may expect an official announcement of FTK v.6.3 from
AccessData. Starting on that date, the Belkasoft module will be available for purchase.
Other Enhancements
Thanks to everyone who contributed to improving the quality of BEC
by sharing feedback. It helps tremendously in moving the tool forward.
Among the fixes we have made for you are:
Search:
- More relevant results in Predefined Search results
- Predefined search performance improved
User Interface:
- Ability to copy files and folders with path preservation into an L01
image implemented
- Empty property panels are not shown anymore
- iTunes backup decryption implemented like the other tasks and visible
in Task Manager
- Tab navigation simplified. Now it is easy to navigate among a large
number of tabs.
Social Connection Graph:
- Contact overview added (a new panel at the left, where you can select
one or multiple contacts)
- Graph drawing is improved and made clearer
- Filtering of selected contacts is added for easier review of large graphs
- Overall graph usability improved
Issues Fixed:
- Problem in JTAG and chip-off mounting fixed
- Evidence Reader does not continue analysis started (and not finished)
in BEC anymore
- Rare problem in filesystems detection in the 64-bit version of BEC fixed
- Problem in free space carving fixed
- Extraction of pictures embedded in documents fixed. This also fixes the frequent
"corrupted document" error during Document analysis
- Memory issues during AD1 image analysis fixed
- Problem with not starting automatic analysis after successful iTunes
backup decryption fixed
- ...and more than 200 smaller issues