Belkasoft Evidence Center makes it easy for an investigator to acquire, search, analyze, store and share digital evidence found inside computer and mobile devices, RAM and cloud. The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, cloud, memory dumps, iOS, Blackberry and Android backups, GrayKey, UFED, OFB, Elcomsoft, TWRP images, JTAG, and chip-off dumps. Evidence Center will automatically analyze the data source and lay out the most forensically important artifacts for the investigator to review, examine more closely or add to a report.
Discovers more than 1000 types of the most forensically important artifacts, including over 200 mobile applications, all major document formats, browsers, email clients, dozens of picture and video formats, instant messengers, social networks, system and registry files, P2P and file transfer tools, etc. Extracts data from all major operating systems, both computer and mobile: Windows, Linux, macOS, iOS, Android, Windows Phone, Blackberry.
You can use one of the product’s powerful analytical features for low-level examinations: SQLite Viewer, Hex Viewer, Registry Viewer—to locate hard-to-access, damaged, and deleted information.
Less missed evidence
Looks for hidden and encrypted information, searches in unusual places, carves deleted and damaged data and examines files in little-known formats to discover more evidence than ever. The search includes unallocated and slack space, $MFT, $Log, Volume Shadow Copy and other special and little known areas of operating systems.
Blazing fast operation
The product allows you to perform evidence searches faster than most tools, as it does not index every single file found on the data source, instead searching for the most forensically significant types of artifacts. Efficient use of the CPU adds to processing speed, as does the code written by our team of highly qualified specialists in data analysis.
Saves your time & effort
Unlike many other forensic products, Belkasoft Evidence Center does not require your constant presence and attention. Most of the routine is automated, allowing multi-tasking and freeing up some of your valuable time.
Evidence Center is designed to meet the demands of forensic experts and investigators. Workflow is simple and quick, and results are easy to convert into a report. Reports are adjustable, comprehensive, and most importantly, absolutely valid to present in a court as proven by years of user experience. One of the real-life examples was a big case of child abuse in Croatia solved using Belkasoft Evidence Center.
The multi-user configuration of Evidence Center (Team Edition) provides teams with the ability to collaborate on the same cases and split the workload.
The Team Edition version allows you to store case data on a central server and access your cases remotely from the same local network. You can work on the same case with another user simultaneously and specify if other users can access your case (read-write, read-only or no access).
Mobile and Computer Acquisition. The product allows you to acquire data from a computer, a laptop or a mobile device. Hard and removable drives are acquired into DD and E01 formats with optional hash calculation and verification. For mobile devices running iOS, BEC acquires an iTunes backup; for Android devices there are multiple formats: standard ADB or agent-based backup, EDL and physical backup for rooted devices.
Mobile and Computer Device Examination. Supporting all major desktop and mobile operating systems, Belkasoft Evidence Center is suitable for mobile and computer forensics. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED and OFB images, JTAG and chip-off dumps.
Smart and Comprehensive Analysis. The product looks everywhere on the device completely automatically and can successfully identify over 1000 types of digital artifacts. The convenient Evidence Search feature helps to narrow down the findings using filters, pre-defined search, or other options.
Powerful Carving. Data carving allows you to locate evidence that was deleted, destroyed, or never stored on the hard drive at all (page file, hibernation file, RAM contents). Custom carving is supported as well, including support for Scalpel and FTK sets. In addition, an advanced carving mode called BelkaCarving™ is available, making it possible to reconstruct fragmented chunks into contiguous pieces of information that would otherwise not be accessible at all.
Native SQLite Parsing. Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Processes freelists, write-ahead logs and journal files, and SQLite unallocated space.
Live RAM Analysis. Evidence Center can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more. Belkasoft Live RAM Capturer is a powerful tool for creating memory dumps, and it is complimentary.
Remote Acquisition. The Remote Acquisition module allows you to acquire various data sources from remote locations. Available data source types include hard or removable drives, RAM and mobile devices.
The acquisition is performed with the help of an agent installed on a remote device such as a computer or a laptop.
Incident Investigations. The Incident Investigations module is designed to help users investigate hacking attempts against Windows-based computers. By analyzing numerous sources such as the registry, event logs and memory dumps, it can find traces that are typical of various tricks used by hackers to penetrate a company’s infrastructure.
Cross-Case Search. The Cross-Case Search module allows you to find intersections between the currently investigated case and other BEC cases. The information found in the current case is compared with the information found in the selected older cases, and all matches are reported.
Handy Built-in Tools. PList, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than automatic search was able to discover.
Low-level Investigations. Equipped with File System Explorer, Hex Viewer, and Type Converter, Belkasoft Evidence Center will allow you to perform deep examination of the contents of files and folders on the device.
Extendable with BelkaScript. The free scripting module allows users to write their own custom scripts in order to automate some of the routine and further extend the product’s functionality.
OS: Windows 7 or Windows 10
CPU: 4-core i7 processor with hyperthreading
RAM: 16 Gb of RAM (per each instance of the product)
SSD drive as a system disk and big magnetic drive for case data (1Tb or larger)
Storage devices: hard drives and removable media
Disk images: EnCase, AD1, L01/Lx01, FTK, Advanced forensics formats, DD, SMART, X-Ways, Atola, DMG, archive files (such as tar, zip and others)
Virtual machines: VMWare, Virtual PC/Hyper-V, VirtualBox, XenServer
Memory: RAM dumps, Hibernation files, Page files
File systems: APFS, F2FS, FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4, YAFFS, YAFFS2
Acquisition: Available to DD or E01 images with optional hash calculation and verification
Supported picture formats: 3FR, ARW, BAY, BMP, BMQ, CAP, CINE, CR2, CRW, CS1, CUT, DC2, DCR, DDS, DIB, DNG, DRF, DSC, EMF, ERF, EXIF, EXR, FAX, FFF, G3, GIF, HDR, HEIC, IA, ICO, IFF, IIQ, J2C, J2K, JFIF, JNG, JP2, JPE, JPEG, JPG, K25, KC2, KDC, KOA, LBM, MDC, MEF, MNG, MOS, MRV, NEF, NRW, ORF, PBM, PCD, PCT, PCX, PEF, PFM, PGM, PIC, PICT, PNG, PNM, PPM, PSD, PTX, PXN, QTK, RAF, RAS, RAW, RDC, RLE, RPBM, RPGM, RPPM, RW2, RWZ, SGI, SR2, SRF, STI, TGA, TIF, TIFF, WBM, WBMP, WMF, XBM, XPM.
Picture analysis allows detection of texts, faces, skin tone and scanned text (OCR). ANN (artificial neural network)-based pornography, gun and narcotic cache detection is supported.
Detection of photo manipulation (forgery) is available with the Forgery Detection plugin (extra module).
The following formats can be carved: GIF, JPEG/JPG, PNG, BMP, WMF
Supported video formats: 3GP, 3G2, ASF, AVI, DIVX, DRC, F4A, F4B, F4P, F4V, FLV, IFO, M2V, M4P, M4V, MK3D, MKA, MKS, MP2, MP4, MKV, MOV, MPE, MPEG, MPG, MPV, NSV, OGG, OGV, QT, RM, RMV8, SVI, TS, VOB, WEBM, WMV
Key frame analysis available for 3GP, 3G2, AVI, MP4, MPEG, MPG, WMV, MOV videos