Belkasoft X (Belkasoft Evidence Center X) is a flagship tool by Belkasoft for computer, mobile, cloud and drone forensics. It can help you to acquire and analyze a wide range of mobile and computer devices, run various analytical tasks, perform case-wide searches, bookmark artifacts, and create reports.
MOBILE AND COMPUTER ACQUISITION
The product allows you to acquire data from a computer, a laptop or a mobile device. Hard and removable drives are acquired into DD and E01 formats with optional hash calculation and verification. For mobile devices running iOS Belkasoft X acquires iTunes backup and full file system copy with keychain by means of agent-based and checkm8-based methods or when a device is jailbroken; for Android devices there are multiple approaches to data acquisition: standard ADB or agent-based backup, Qualcomm and MTK-specific dumps, physical and logical backup for rooted devices, APK downgrade and other methods.
- E01/DD imaging
- checkm8
- Jailbreak support
- Agent-based acquisition
MOBILE AND COMPUTER DEVICE EXAMINATION
Supporting all major desktop and mobile operating systems, Belkasoft X is suitable for mobile and computer forensics. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED and GrayKey images, JTAG and chip-off dumps.
- Chat apps
- Browsers
- Mailboxes
- Documents
- Pictures & videos
- Audio
- System files
- Mobile apps
- Payment apps
- Online games
- Clouds
- P2P
SMART AND COMPREHENSIVE ANALYSIS
The product looks everywhere on the device completely automatically and can successfully identify thousand types of digital artifacts. Convenient artifact search, sorting, bookmarking and filtering help to narrow down the findings.
- File system explorer
- Artifacts viewer
- SQLite viewer
- Registry viewer
- Plist viewer
- Hash set analysis
- Advanced picture and
video analysis - WDE and file decryption
- Timeline
- Connection graph
- Incident investigations
NATIVE SQLITE PARSING
Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Processes freelists, write-ahead logs, journal files, and SQLite unallocated space.
LIVE RAM ANALYSIS
Belkasoft X can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more. Belkasoft Live RAM Capturer is a powerful tool for creating memory dumps, and it is complimentary.
HANDY BUILT-IN TOOLS
Plist, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than automatic search was able to discover.
LOW-LEVEL INVESTIGATIONS
Through its File System window, Hex Viewer, and Type Converter tools, Belkasoft X allows you to perform deep examinations into the contents of files and folders from devices. With its customizable File and Data carving functions, you get to recover deleted and hidden artifacts and perform memory process analysis to view alive and dead processes in memory dumps. You can also use its hash algorithms to run searches against hash sets (NSRL RDSv3 and ProjectVic formats included).
CUSTOMIZABLE REPORTS IN MULTIPLE FORMATS
Reports in numerous formats such as text, HTML, XML, CSV, PDF, RTF, Excel, Word, EML, KML, ProjectVIC JSON, Relativity Short Message Format, Semantics21 and others.
FREE PORTABLE CASE VIEWER
Free Evidence Reader allows sharing your findings with your colleagues with or without Belkasoft X installed.
X Forensic
X Forensic edition is the complete solution for conducting in-depth investigations on all types of digital media devices and data sources, including computers, mobile devices, RAM and the cloud. It is an irreplaceable analytical tool for digital forensic laboratories of federal law enforcement agencies and state-level police departments.
When you purchase this edition, you get all the features available in X Mobile and X Computer editions.
Additionally, you get to
- Acquire and analyze data from cloud sources
- Use checkm8-based acquisition to extract data even from locked iPhones without a jailbreak (right on your Windows workstation)
- Access devices encrypted with whole device encryption (WDE), such as APFS, Bitlocker, TrueCrypt and others
X Computer
X Computer edition is a cost-effective solution developed specifically for investigators in local police departments, experts in small to medium consulting companies providing digital forensic and incident response services, and individual customers such as private investigators or digital forensic consultants.
Customers who typically deal with only a few computer-related cases per year and/or have a limited budget will enjoy the very affordable price of X Computer edition.
When you purchase this edition, you get to:
- Extract data from hard drives, mount and analyze hard drives, disk images, virtual machines, and RAM
- Examine and analyze hundreds of artifacts: instant messengers, browsers, mailboxes, documents, images and videos, system files, online games, and payment applications, cloud artifacts
- Use analytical features:
- Connection graph to reveal connections between artifacts and people in a case
- Timeline to identify all the events within a specific timeframe
- Smart and powerful carving feature to locate evidence that was deleted, destroyed, or never permanently stored on the hard drive at (page file, hibernation file, RAM contents)
- Perform in-depth examinations into the contents of files and folders on the device with File System Explorer
- Find even more evidence with Plist, Registry, and SQLite Viewers
X Mobile
X Mobile edition is a cost-effective solution developed specifically for investigators in local police departments, experts in small to medium consulting companies who provide digital forensic and incident response services, as well as individual customers (i.e. private investigators or digital forensic consultants).
Customers who typically deal with just a few cases per year involving unlocked mobile devices, and usually have limited budgets will enjoy the affordable price of X Mobile edition.
When you purchase this edition, you get to:
- Acquire images of multiple iOS and Android device models, analyze Blackberry and Windows phones
- Extract data from iOS devices by means of several acquisition methods such as jailbreaks, agents, and lockdown files
- Examine and analyze mobile artifacts—calls and messages, mailboxes, messenger apps data (WhatsApp, Signal, Telegram, Snapchat, WeChat, etc.), social media apps (Facebook, Twitter, Tinder, etc.), cryptocurrencies, browsers, and many more
- Utilize Belkasoft X functionality to mount third-party tools images (UFED, GrayKey, etc.), mobile backups, chip-off dumps, TWRP images, JTAG dumps, etc.
Drone Forensics
Belkasoft X allows ingesting, parsing, and analyzing of the following drone models:
- ArduPilot DIY Drone
- DJI Agras MF-1S
- DJI Matrice
- DJI Mavic
- DJI Phantom 3
- DJI Phantom 4
- DJI Spark
- Parrot Anafi
- Yuneec Typhoon Q500
- Ryze Tello
- Sense Fly
- Sky Viper
- Yuneec H520
You can also analyze compatible drone models.
The most important types of data supported include geolocation and tracks, pictures and videos, operator logs and tracks.
Drone flight routes on built-in Maps: The built-in Maps window now shows routes for drone flights (and other applications with geodata)