What's New in Belkasoft Evidence Center 2020 Version 9.8
Belkasoft Evidence Center 2020 v.9.8 (or, in short, BEC)
is an all-in-one forensic solution, combining mobile and computer forensics as well as
memory, cloud and remote forensics, and incident investigations in a
single tool. Given its affordable price, it is one of the best choices among
other available products on the market.
In v.9.8, Belkasoft added two extremely important features of iOS device
acquisition. Among major features included in BEC 2020 v.9.8 there are:
- Acquisition of iOS devices with checkra1n jailbreak
- Full file system copy of some iOS devices without jailbreak
- Decryption of TrueCrypt, VeraCrypt, PGP and other types of
encryption is added
- Massive improvements in Remote Forensics and Incident
Investigation modules
- Support for mounting and analysis of many new archive file types
- Numerous updates to artifact extraction
Sign up for a webinar
on BEC v.9.8!
Upgrading to version 9.8 is free to all customers with a non-expired Extended
Software Maintenance and Support contract. Customers without a current contract
can purchase it from the Customer Portal.
Affordable training with optional certification is available.
The complete list of new features
Mobile device acquisition
- Acquisition of iOS devices with checkra1n jailbreak supported
- Acquisition of some
iOS devices without jailbreak supported
(IMPORTANT! You need to switch off antivirus otherwise it will delete the agent
since it works like an exploit. Besides, you must have an Internet connection, otherwise agent will not install)
- MTK processor type autodetection supported
Computer forensics
- File filtering by selected hashset database (white/black listing) supported
- DriveCrypt, PGP, Symantec, TrueCrypt, VeraCrypt decryption with known password
or recovery key supported
- More raw images added to supported image types
- Many archive types supported for image mounting and subsequent analysis:
7z, rar, gz, etc
Incident Investigation
- Evidence of execution: ShimCache analysis improved
- Specific fields from PowerShell journal extracted
- Specific fields from Microsoft-Windows-Windows Defender/Operational
journal and Event ID 1116 extracted
- Better layout of artifacts
Remote acquisition
The entire module is massively updated. Stability and
robustness are improved, error handling
is brushed up and enhanced.
New and updated applications
- Windows
- Carbonite app supported
- Google Drive updated
- Limewire P2P app supported
- LNK analysis massively improved
(see also our
article on LNK forensics)
- OneDrive app updated
- Puffin browser supported
- Android
- Ctrip application updated
- Facebook updated
- Google Calendar supported
- Puffin browser supported
- SharePoint app supported
- Telegram updated
- Telegram X updated
- Zalo updated
- iOS
- Apple Mail updated
- CarPlay updated
- Evernote updated
- Facebook updated
- Puffin browser supported
- Telegram updated
Bugfixes and smaller improvements
- Raw data is not shown for The Bat profiles in Hex Viewer—fixed
- Hex Viewer navigation does not work for Mail.ru profiles for Android and
iOS apps, Mail 163 and Yahoo apps—fixed
- Analysis Facebook profile is failed to complete—fixed
- Hex Viewer tab is empty for Apple mail—fixed
- Message transferred events are picked up in Unknown Events instead of Chat events—fixed
- Less artifacts carved from Unallocated space for Skype—fixed
- After selecting the ODIN mode there is no possibility to switch to ADB—fixed
- Android Telegram: Geolocation data is incorrectly displayed in Open Street
maps; Attachment extraction improved—fixed
- iOS Telegram: There is no ID / phone number / nickname for the account owner
and nickname for contacts—fixed
- Android Telegram X: Time (UTC)/Time (Local) is not extracted—fixed
- Android Zalo: Calls not retrieved—fixed
- Report in PDF format for Document does not show embedded files list—fixed
- Filter by time does not work for Heart rate data type (fitness tracker
profiles)—fixed
- Search in Evidence Reader does not work under some circumstances—fixed
- Incorrect phone number detected at profile name for dual SIM-card SMS/call
profiles—fixed
- Error creating a report from Task Manager—fixed
- Error analyzing an animated gif for pornography—fixed
- Descriptions and units for focus counter values added
Sign up for a webinar on
new BEC v.9.8