Belkasoft Evidence Center 2019 v.9.4 (or, in short, BEC) is an all-on-one forensic solution, combining computer, RAM, mobile and cloud forensics in a single tool. Given its affordable price, it is one of the best choices among other available products on the market.

Version 9.4 of BEC 2019 is a major new release with a pack of new features including

• Case-specific keyword file generation for password brute force attacks
• Gun detection in pictures and video keyframes using ANN (artificial neural networks)
• Open Street Maps support for geolocation points
• Updated Team Edition version of BEC
• Updated integration with Passware Kit Forensic
• Support for Windows 10 Skype app
• Support for fitness trackers
• Cloud forensics features update
• As usual, a pack of new and updated computer and mobile apps are supported
• Belkasoft is also offering official training and BelkaCE certification. Two courses are available: Belkasoft Essentials and Belkasoft Advanced, both are 2 days long. Available onsite locations for 2018: USA and Europe.

Sign up for a webinar on BEC v.9.4!

Upgrading to version 9.4 is free to all customers with a non-expired Extended Software Maintenance and Support contract. Customers without a current contract can purchase it from the Customer Portal. An affordable User Refresher Course is also available for those who would like to catch up on all recent improvements. Training with optional certification is available.

New features in detail

Keyword file generation

When looking for a password to decrypt some important data, there is a high probability that the password (or its part) is somehow stored on a user's computer. Even if not, the password could have been based on something specific what the user was chatting about, looking in the internet or reading in documents. Thus, one of viable approaches to password recovery is to create a dictionary of all terms somehow related to the user. Belkasoft Evidence Center is now able to go through all text fields of all artifacts gathered from user's devices with the goal to generate user-specific keyword file. Decryption tools such as of Passware can then take such file in order to use the terms inside as an exact password or as a base for mutations.

This feature is particularly useful when the full brute force is impossible due to the strong encryption.

Gun detection in pictures and video keyframes using ANN

Following the success of the previously released pornography detection feature, Belkasoft continued the extension of its artificial neural network-based picture analysis. In this release we added the possibility to automatically detect guns inside pictures and video keyframes. As with the pornography detection, this feature requires a GPU card with CUDA support from the following list.

We will expand the use of ANN in next releases to include many more other types of pictures. Stay tuned!

Updated Team Edition version of BEC

The Team Edition is the multi-user configuration of Evidence Center. In Team Edition, you can store case data on a central server and access your cases remotely from the same local network. You can work on the same case with another user simultaneously. The right management allows to specify if other users can access your case read-write, read-only or no access.

Are you interested in more details on Team Edition features and how to upgrade your single-user system to Team Edition? Contact us at support@belkasoft.com

Support for fitness trackers

Fitness tracker devices become more and more popular. Even the CEO of Belkasoft is using a Fitbit device each day! These devices may store a lot of information of a user, such as their GPS tracks, heartbeat history, physical activities (walk, run, swim, etc), amount of calories burnt and so on. There are already a number of cases published, where a fitness tracker analysis was an important part of an investigation.

In v.9.4 of BEC we have supported two most popular devices: Fitbit and Mi Fit.

Analysis

• Skype for Windows 10 supported [Windows]
• Chrome passwords extraction supported [Android]
• YapChat supported [Android] [iOS]
• Cache data extraction supported for Chrome, Maxthon, Dolphin and UC Browser browser [iOS]
• New version of Telegram supported [Android] [iOS]
• Frequent locations supported [iOS]
• Opera supported [Android]
• ICQ support updated [Android]
• Skype support updated [Android] [iOS]
• Form values/Passwords/Cache extracted for Chrome [macOS]

User Interface

• Artifact list: column reordering supported
• Contact list can be filtered in Connection Graph
• Picture loading in Gallery View improved
• Picture preview is shown on a dedicated tab of a properties panel (useful when working with Pictures list view which does not have a preview column)
• Call/SMS are properly displayed for the chosen edge on the Connection Graph

Cloud forensics update

• Import of messages downloaded from Gmail Cloud into BEC improved
• Incorrect mailbox structure of downloaded Gmail Google cloud data fixed
• Documents, videos downloaded from Google Drive properly imported and analyzed in BEC
• Incorrect import of geolocation data downloaded from Google Timeline fixed

New and updated artifacts

• iOS
  • Apple mail
  • Brosix
  • IMO
  • Dolphin
  • Live Me
  • NextPlus
  • LINE
  • Kakao Talk
  • Vipole
  • WhatsApp
  • Voicemails
  • Yahoo mail
  • Ebuddy XMS
  • Growlr
  • Kik
  • MeetMe
• Android
  • Gmail mailbox
  • Dolphin
  • MeetMe
  • Mail.ru
  • Xabber
  • Calls
  • IMO
  • WhatsApp
  • Growlr
  • Maxthon
  • Edge browser
• Windows
  • Gadu-Gadu v.10

Other improvements

• Interlocutors extraction for Viber improved [Android] [iOS] [Windows]
• Analysis performance of iOS images and Android AB backups significantly improved
• Live RAM Capturer now supports all versions of Windows including newest updates for Windows 10
• Missed search in BER fixed
• Forgery report in Portable version fixed
• Memory consumption during data analysis optimized and reduced
• URLs extracted from SQLite unallocated for UC browser [iOS]
• Facebook support updated [Android]
• Attachments extraction supported for Notes app [iOS]
• Decryption window fixed for browser data for Qihoo/Yandex/QQ browsers [Windows]
• Geodata extracted from Heytell [iOS]

About 200 smaller improvements and bugfixes are made.