What's New in Belkasoft Evidence Center 2019 Version 9.4

Belkasoft Evidence Center 2019 v.9.4 (or, in short, BEC) is an all-on-one forensic solution, combining computer, RAM, mobile and cloud forensics in a single tool. Given its affordable price, it is one of the best choices among other available products on the market.

Version 9.4 of BEC 2019 is a major new release with a pack of new features including

Case-specific keyword file generation for password brute force attacks
Gun detection in pictures and video keyframes using ANN (artificial neural networks)
Open Street Maps support for geolocation points
Updated Team Edition version of BEC
Updated integration with Passware Kit Forensic
Support for Windows 10 Skype app
Support for fitness trackers
Cloud forensics features update
As usual, a pack of new and updated computer and mobile apps are supported
Belkasoft is also offering official training and BelkaCE certification. Two courses are available: Belkasoft Essentials and Belkasoft Advanced, both are 2 days long. Available onsite locations for 2018: USA and Europe.

Sign up for a webinar on BEC v.9.4!

Download Free Request a quote

Download quote

Upgrading to version 9.4 is free to all customers with a non-expired Extended Software Maintenance and Support contract. Customers without a current contract can purchase it from the Customer Portal. An affordable User Refresher Course is also available for those who would like to catch up on all recent improvements. Training with optional certification is available.

New features in detail

Keyword file generation

When looking for a password to decrypt some important data, there is a high probability that the password (or its part) is somehow stored on a user's computer. Even if not, the password could have been based on something specific what the user was chatting about, looking in the internet or reading in documents. Thus, one of viable approaches to password recovery is to create a dictionary of all terms somehow related to the user. Belkasoft Evidence Center is now able to go through all text fields of all artifacts gathered from user's devices with the goal to generate user-specific keyword file. Decryption tools such as of Passware can then take such file in order to use the terms inside as an exact password or as a base for mutations.

This feature is particularly useful when the full brute force is impossible due to the strong encryption.

Gun detection in pictures and video keyframes using ANN

Following the success of the previously released pornography detection feature, Belkasoft continued the extension of its artificial neural network-based picture analysis. In this release we added the possibility to automatically detect guns inside pictures and video keyframes. As with the pornography detection, this feature requires a GPU card with CUDA support from the following list.

We will expand the use of ANN in next releases to include many more other types of pictures. Stay tuned!

Updated Team Edition version of BEC

The Team Edition is the multi-user configuration of Evidence Center. In Team Edition, you can store case data on a central server and access your cases remotely from the same local network. You can work on the same case with another user simultaneously. The right management allows to specify if other users can access your case read-write, read-only or no access.

Are you interested in more details on Team Edition features and how to upgrade your single-user system to Team Edition? Contact us at support@belkasoft.com

Support for fitness trackers

Fitness tracker devices become more and more popular. Even the CEO of Belkasoft is using a Fitbit device each day! These devices may store a lot of information of a user, such as their GPS tracks, heartbeat history, physical activities (walk, run, swim, etc), amount of calories burnt and so on. There are already a number of cases published, where a fitness tracker analysis was an important part of an investigation.

In v.9.4 of BEC we have supported two most popular devices: Fitbit and Mi Fit.

Analysis

Skype for Windows 10 supported [Windows]
Chrome passwords extraction supported [Android]
YapChat supported [Android] [iOS]
Cache data extraction supported for Chrome, Maxthon, Dolphin and UC Browser browser [iOS]
New version of Telegram supported [Android] [iOS]
Frequent locations supported [iOS]
Opera supported [Android]
ICQ support updated [Android]
Skype support updated [Android] [iOS]
Form values/Passwords/Cache extracted for Chrome [macOS]

User Interface

Artifact list: column reordering supported
Contact list can be filtered in Connection Graph
Picture loading in Gallery View improved
Picture preview is shown on a dedicated tab of a properties panel (useful when working with Pictures list view which does not have a preview column)
Call/SMS are properly displayed for the chosen edge on the Connection Graph

Cloud forensics update

Import of messages downloaded from Gmail Cloud into BEC improved
Incorrect mailbox structure of downloaded Gmail Google cloud data fixed
Documents, videos downloaded from Google Drive properly imported and analyzed in BEC
Incorrect import of geolocation data downloaded from Google Timeline fixed

New and updated artifacts

iOS
- Apple mail
- Brosix
- IMO
- Dolphin
- Live Me
- NextPlus
- LINE
- Kakao Talk
- Vipole
- WhatsApp
- Voicemails
- Yahoo mail
- Ebuddy XMS
- Growlr
- Kik
- MeetMe
Android
- Gmail mailbox
- Dolphin
- MeetMe
- Mail.ru
- Xabber
- Calls
- IMO
- WhatsApp
- Growlr
- Maxthon
- Edge browser
Windows
- Gadu-Gadu v.10

Other improvements

Interlocutors extraction for Viber improved [Android] [iOS] [Windows]
Analysis performance of iOS images and Android AB backups significantly improved
Live RAM Capturer now supports all versions of Windows including newest updates for Windows 10
Missed search in BER fixed
Forgery report in Portable version fixed
Memory consumption during data analysis optimized and reduced
URLs extracted from SQLite unallocated for UC browser [iOS]
Facebook support updated [Android]
Attachments extraction supported for Notes app [iOS]
Decryption window fixed for browser data for Qihoo/Yandex/QQ browsers [Windows]
Geodata extracted from Heytell [iOS]

About 200 smaller improvements and bugfixes are made.

Download Free Request a quote

Download quote

Articles

WhatsApp Forensics on Computers (Windows PCs and Macs)

WhatsApp is, by far, the most popular instant messaging (IM) application. It provides free cross-platform messaging and VoIP (Voice over Internet Protocol) services to its users. In this guide, for purposes in the digital forensics field, we ... Read more

Checkm8 Glossary

In this article we would like to familiarize you with the terms that define the data acquisition process from an iPhone based on the checkm8 exploit. ... Read more

Subscribe to our Newsletter