Belkasoft Evidence Center 2020 version 9.9.4572 | 1.4 Gb
The Belkasoft product team is pleased to announce the availability of Belkasoft Evidence Center 2020 version 9.9. The new version mostly focuses on two major improvements: correctness of analysis of GrayKey images and zip containers in general, and carving performance.
What's New in Belkasoft Evidence Center 2020 Version 9.9
Mobile Forensics
- GrayKey images analysis massively improved and speed up
- More improvements in iOS acquisition without jailbreak
- ADB-based Android device acquisition improved
- Agent-based Android device acquisition improved
- Android apps supported or updated
. Android OneDrive support updated to v. 5.40.4
. Android Google Docs supported
. Android Google Maps improved
. Android Google Translate supported
- iOS apps supported or updated
. iOS Yahoo Mail app improved
. Text extraction improved for iOS Evernote app
. Attachments for iOS Evernote now extracted properly
. Contacts extracted from Facebook profiles when analyzing iTunes backup
. iOS Hangouts messenger supported (including geolocation data extraction)
Computer Forensics
- Carving performance is significantly improved
- Zip-based data sources analysis is massively improved
- Carved data is no more stored in database what will also save significant amount of space for every case
- Virus Total analysis fixed
- Analysis of Puffin browser for Windows improved
- LNK files analysis improvements continued
- LNK carving and analysis of carved LNK files is significantly improved
- Reports are improved for LNK artifacts
- Folder names are extracted for mailboxes of Mail 163 Windows app
- Windows OneDrive app support updated
- Issues when creating Key dictionary for password bruteforce are fixed
- Hex is now displayed for Jumplists and LNK files
- Incorrect filter criteria by 'has embedded files' for Documents fixed
Incident Investigation
- OpenSavePdl artifacts cleared up
- Author field extraction fixed for Scheduled Tasks artifacts
- Prefetch files, Shim cache and Windows Power Shell artifacts presented better
- Origin path for Prefetch files filled
- Data from the future extracted for Scheduled Tasks artifacts—fixed
- Windows RDP-Related Events Log analysis supported
Remote Acquisition
- Deployment via GPO is available again. Now there are three deployment types: local (using thumbdrive or network share), via WMI, via GPO
- Remote agent stability improved when Server and Agent are of different versions
SQLite Viewer
- Carved SQLite unallocated data now always shown on the corresponding page inside SQLite Viewer (it was blank in some circumstances before)
- SQLite loading made quicker for switching between different artifacts in artifact list
- Report creation from SQLite Viewer fixed
- WAL records count properly shown at the bottom of each SQLite Table
Other Improvements
- Windows Google Drive data extraction improved. Offset is now shown for Google Drive artifacts. Hex now properly highlights them
- Video keyframe analysis for faces, skin etc improved
- Length extraction improved for OneDrive artifacts on Windows
- Google Consent Page fixed for Google Drive and Gmail cloud downloading
- Incorrect count for pictures in Overview when key frames are presented—fixed
- The "Copy files" option doesn't work for videos from Overview—fixed
- Search terms from cases made with previous BEC version are not displayed on Search Result tab—fixed
- GrayKey images analysis massively improved and speed up
- More improvements in iOS acquisition without jailbreak
- ADB-based Android device acquisition improved
- Agent-based Android device acquisition improved
- Android apps supported or updated
. Android OneDrive support updated to v. 5.40.4
. Android Google Docs supported
. Android Google Maps improved
. Android Google Translate supported
- iOS apps supported or updated
. iOS Yahoo Mail app improved
. Text extraction improved for iOS Evernote app
. Attachments for iOS Evernote now extracted properly
. Contacts extracted from Facebook profiles when analyzing iTunes backup
. iOS Hangouts messenger supported (including geolocation data extraction)
Computer Forensics
- Carving performance is significantly improved
- Zip-based data sources analysis is massively improved
- Carved data is no more stored in database what will also save significant amount of space for every case
- Virus Total analysis fixed
- Analysis of Puffin browser for Windows improved
- LNK files analysis improvements continued
- LNK carving and analysis of carved LNK files is significantly improved
- Reports are improved for LNK artifacts
- Folder names are extracted for mailboxes of Mail 163 Windows app
- Windows OneDrive app support updated
- Issues when creating Key dictionary for password bruteforce are fixed
- Hex is now displayed for Jumplists and LNK files
- Incorrect filter criteria by 'has embedded files' for Documents fixed
Incident Investigation
- OpenSavePdl artifacts cleared up
- Author field extraction fixed for Scheduled Tasks artifacts
- Prefetch files, Shim cache and Windows Power Shell artifacts presented better
- Origin path for Prefetch files filled
- Data from the future extracted for Scheduled Tasks artifacts—fixed
- Windows RDP-Related Events Log analysis supported
Remote Acquisition
- Deployment via GPO is available again. Now there are three deployment types: local (using thumbdrive or network share), via WMI, via GPO
- Remote agent stability improved when Server and Agent are of different versions
SQLite Viewer
- Carved SQLite unallocated data now always shown on the corresponding page inside SQLite Viewer (it was blank in some circumstances before)
- SQLite loading made quicker for switching between different artifacts in artifact list
- Report creation from SQLite Viewer fixed
- WAL records count properly shown at the bottom of each SQLite Table
Other Improvements
- Windows Google Drive data extraction improved. Offset is now shown for Google Drive artifacts. Hex now properly highlights them
- Video keyframe analysis for faces, skin etc improved
- Length extraction improved for OneDrive artifacts on Windows
- Google Consent Page fixed for Google Drive and Gmail cloud downloading
- Incorrect count for pictures in Overview when key frames are presented—fixed
- The "Copy files" option doesn't work for videos from Overview—fixed
- Search terms from cases made with previous BEC version are not displayed on Search Result tab—fixed
Belkasoft Evidence Center —an easy-to-use, integrated solution for collecting and analyzing digital evidence from mobile and computer devices. Customers in law enforcement, police, military, business, intelligence agencies, and forensic laboratories in 130+ countries worldwide use Belkasoft products to fight homicide, crimes against children, drug trafficking, data leakage, fraud, and other online and offline crimes.
In this video, we will show you how to create a new case in Belkasoft Evidence Center, add a data source, extract artifacts, and create a report to share your findings
Founded in 2002, Belkasoft is a global leader in digital forensics technology, known for their sound and comprehensive forensic tools. With a team of professionals in digital forensics, data recovery and reverse engineering, Belkasoft focuses on creating technologically advanced yet easy-to-use products for investigators and forensic experts to make their work easier, faster, and more effective.
Product: Belkasoft Evidence Center
Version: 2020 version 9.9.4572
Supported Architectures: x64
Website Home Page : https://belkasoft.com/
Language: english
System Requirements: PC *
Supported Operating Systems: *
Size: 1.4 Gb
Recommended hardware
The software has been tested on multiple configurations and works well even on older laptops, but the best affordable configuration is as follows:
- Windows 7 or Windows 10
- 4-core i7 processor with hyperthreading
- 16 Gb of RAM (per each instance of the product)
- SSD drive as a system disk and big magnetic drive for case data (1Tb or larger)
The more processors/cores/RAM/disk storage, naturally the better.
The software has been tested on multiple configurations and works well even on older laptops, but the best affordable configuration is as follows:
- Windows 7 or Windows 10
- 4-core i7 processor with hyperthreading
- 16 Gb of RAM (per each instance of the product)
- SSD drive as a system disk and big magnetic drive for case data (1Tb or larger)
The more processors/cores/RAM/disk storage, naturally the better.
Please visit my blog
Added by 3% of the overall size of the archive of information for the restoration
No mirrors please
Added by 3% of the overall size of the archive of information for the restoration
No mirrors please