Reliable end-to-end solution to accelerate digital forensic and incident response investigations
Easy to use
Belkasoft Evidence Center X works out of the box and can be easily integrated into customer workflows.
The software interface is so user-friendly that you can start working with your cases right after the Belkasoft X deployment.
Belkasoft Evidence Center X acquires, examines, analyzes, and presents digital evidence from major sources-computers, mobile devices, RAM and cloud services in a forensically sound manner. If you need to share the case details with your colleagues, use a free-of-charge portable Evidence Reader.
Quick and smart
While performing search tasks for evidence, Belkasoft Evidence Center X uses approaches that enable it to find the most forensically significant artifacts quickly instead of wasting time on redundant operations.
Powerful analytical features such as a connection graph, a timeline and advanced picture and video analysis help you to uncover facts rapidly.
Belkasoft X automates search tasks, and thus the product can run unattended, you can multitask and complete an investigation at a quick pace.
Tailored to your needs
You can select a product edition that suits your workflow, whether you are an expert in a digital forensic laboratory of a federal law enforcement agency or in a digital forensic and incident response consulting company, an investigator in a local or state police department, or a private practitioner.
Thanks to the flexible price structure you will find the product edition which perfectly fits your needs and budget.
Belkasoft Evidence Center X is based on the successful Belkasoft Evidence Center and encompasses many years of experience, a large amount of user feedback, and expert suggestions from numerous investigators from both a law enforcement and corporate world.
What's new in version X v1.7
- A new Android acquisition method: now for Spreadtrum SoC. The new method supports almost 90 phone models and allows a user to acquire a full physical image of a device. With the new release, Belkasoft X now supports 10 different ways to acquire various types of Android devices, from standard ADB to EDL/Qualcomm to MTK to APK downgrade and others.
- Signal backup decryption supported for Android. You will need a decryption key for the successful acquisition. Please see our BelkaCTF #2 write-up, which includes a video of how this feature is used in a close-to-real-life case
- New and updated iOS apps: Onion browser, CoverMe, VK app, Wickr
- New and updated Android apps: Google Maps, Google Maps Search, Slack, Telegram X
- APK downgrade improvements: Only selected applications are acquired during acquisition from an Android device using application downgrade method
- Parsing of APFS T2 volumes acquired by MacQuisition is supported
- Passware integration updated to PKF 2021.2.1
- macOS apps analysis updated for Notes and Messages
- Support of AFF4 images of physical and logical drives improved
- Built-in Registry Viewer usability improved
- LUKS decryption with a known password supported
Media File Analysis
- A new feature is added: Face Grouping. If you opt to detect faces in still images and video keyframes, the product will group found faces if they look similar to each other (and likely belong to the same person).
- A new face detection algorithm was integrated and is now based on the most modern ANN (Artificial Neural Network), which made the new face detection quicker and more robust
If you apply a local or a global filter, the list of applied filter criteria is now shown on top of the grid next to the artifacts number. With this new feature, you can easily see, which filters are currently applied and easily delete any of them by using the X button next to the criterion name.
- File system acquisition of iOS 14.2 with the help of agent-based method updated and became more robust
- Error 31 fixed when creating an image via Android agent or APK downgrade for devices running Android versions 7 to 11
- A number of issues with MTK acquisition fixed
- Adding a HiSuite Huawei backup data source now asks for a password instantly, not under Tasks window
- 'Copy folder' function improved for cases when directory length exceeds Windows limits. Now you can copy data into a tar archive, what allows you to preserve full paths including original symbols (even if not allowed by file system and even if a path is too long)
- Analysis startup is fixed for .AD1 images
- Qualcomm acquisition now detects that a device is not switched to the EDL mode and prompts a user to correct this
- Work with multiple keychain items is improved for cases with multiple iOS images in the same case
- 'Go to parent' function now correctly navigates to a correct item for Gallery view (before it was showing first item)
Mobile and Computer Acquisition
The product allows you to acquire data from a computer, a laptop or a mobile device. Hard and removable drives are acquired into DD and E01 formats with optional hash calculation and verification. For mobile devices running iOS Belkasoft X acquires iTunes backup and full file system copy by means of agent-based and checkm8-based methods or when a device is jailbroken; for Android devices there are multiple formats: standard ADB or agent-based backup, EDL and physical backup for rooted devices.
- E01/DD imaging
- Jailbreak support
- Agent-based acquisition
Mobile and Computer Device Examination
Supporting all major desktop and mobile operating systems, Belkasoft Evidence Center X is suitable for mobile and computer forensics. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED and OFB images, JTAG and chip-off dumps.
- Chat apps
- Pictures & videos
- System files
- Mobile apps
- Payment apps
- Online games
REVIEW & ANALYZE
Smart and Comprehensive Analysis
The product looks everywhere on the device completely automatically and can successfully identify thousands types of digital artifacts. Convenient Evidence Search feature helps to narrow down the findings using filters, pre-defined search, or other options.
- File System Explorer
- Artifacts viewer
- SQLite viewer
- Registry viewer
- Plist viewer
- Hash set analysis
- Advanced picture and video analysis
- WDE and file decryption
- Connection graph
- Cross-case analysis
- Incident investigations
Native SQLite parsing
Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Processes write-ahead logs, journal files, and SQLite unallocated space.
Live RAM analysis
Belksoft Evidence Center X can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more. Belkasoft Live RAM Capturer is a powerful tool for creating memory dumps, and it is complimentary.
Handy built-in tools
PList, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than automatic search was able to discover.
Through its File System window, Hex Viewer, and Type Converter tools, Belkasoft Evidence Center X allows you to perform deep examinations into the contents of files and folders from devices. With its customizable File and Data carving functions, you get to recover deleted and hidden artifacts and perform memory process analysis to view alive and dead processes in memory dumps. You can also use its hash algorithms to run searches against hash sets (NSRL and ProjectVic formats included).
Customizable reports in multiple formats
Reports in numerous formats such as text, HTML, XML, CSV, PDF, RTF, Excel, Word, EML, KML.
Free portable case viewer
Free Evidence Reader tool allows sharing your findings with your colleagues with or without Belkasoft Evidence Center X installed.
Belkasoft Evidence Center X allows data extraction from multiple sources:
- Operating systems: Windows (all versions, including Windows 10), macOS, Unix-based systems (Linux, FreeBSD, etc.)
- Storage devices: hard drives and removable media
- Disk images: EnCase, FTK, X-Ways, AFF4, L01/Lx01, DD, SMART, Atola, DMG, archive files (such as tar, zip and others)
- Virtual machines: VMWare, Virtual PC/Hyper-V, VirtualBox, XenServer
- Memory: RAM dumps, hibernation files, page files
- File systems: APFS, FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4
- Acquisition: Available to DD or E01 images with optional hash calculation and verification
- Operating systems: iOS (iPhone/iPad), Android, Windows Phone 8/8.1, Blackberry
- Data sources: Mobile backups, UFED and OFB images, GrayKey, chip-off dumps, TWRP images, JTAG dumps, Blackberry IPD and BBB backups, Android physical dumps, Xiaomi MIUI backups, Huawei HiSuite backups
- File systems: APFS, HFS+, F2FS, YAFFS, YAFFS2, ext2, ext3, ext4
- iOS: iTunes, agent-based, checkm8-based, lockdown file support, PTP/MTP, jailbroken devices support
- Android: ADB backup, agent-based, rooted devices support, PTP/MTP, MediaTek
- Email: Yahoo, Hotmail, Opera, Yandex, Mac.com and 25 more webmail clouds
Belkasoft Evidence Center X runs on any Windows OS, starting Windows 7 SP1 (64-bit versions).
X Computer edition is a cost-effective solution developed specifically for investigators in local police departments, experts in small to medium consulting companies providing digital forensic and incident response services, and individual customers such as private investigators or digital forensic consultants.
Customers who typically deal with only a few computer-related cases per year and/or have a limited budget will enjoy the very affordable price of X Computer edition.
When you purchase this edition, you get to:
- Extract data from hard drives, mount and analyze hard drives, disk images, virtual machines, and RAM
- Examine and analyze hundreds of artifacts: instant messengers, browsers, mailboxes, documents, images and videos, system files, online games, and payment applications, cloud artifacts
- Use analytical features:
- Connection graph to reveal connections between artifacts and people in a case
- Timeline to identify all the events within a specific timeframe
Smart and powerful carving feature to locate evidence that was deleted, destroyed, or never permanently stored on the hard drive at (page file, hibernation file, RAM contents)
- Perform in-depth examinations into the contents of files and folders on the device with File System Explorer
- Find even more evidence with PList, Registry, and SQLite Viewers
X Mobile edition is a cost-effective solution developed specifically for investigators in local police departments, experts in small to medium consulting companies who provide digital forensic and incident response services, as well as individual customers (i.e. private investigators or digital forensic consultants).
Customers who typically deal with just few cases per year involving unlocked mobile devices, and usually have limited budgets will enjoy the affordable price of X Mobile edition.
When you purchase this edition, you get to:
- Acquire images of multiple iOS and Android devices, Blackberry, and Windows phones
- Extract data from iOS devices by means of several acquisition methods and functions such as jailbreaks, agents, lockdown files, and the keychain file extraction
- Examine and analyze mobile artifacts - calls and messages, mailboxes, messenger apps data (WhatsApp, Signal, Telegram, Snapchat, WeChat, etc.), social media apps (Facebook, Twitter, Tinder, etc.), cryptocurrencies, browsers, and many more
- Utilize Belkasoft X functionality to mount third-party tools images (UFED, OFB, GrayKey, etc.), mobile backups, chip-off dumps, TWRP images, JTAG dumps, etc.
X Forensic edition is the complete solution for conducting in-depth investigations on all types of digital media devices and data sources, including computers, mobile devices, RAM and the cloud. It is an irreplaceable analytical tool for digital forensic laboratories of federal law enforcement agencies and state-level police departments.
When you purchase this edition, you get all the features available in X MOBILE and X COMPUTER editions.
Additionally, you get to:
- Acquire and analyze data from cloud sources
- Use checkm8-based acquisition to extract data even from locked iPhones without a jailbreak (right on your Windows workstation)
- Access devices encrypted with whole device encryption (WDE), such as APFS, Bitlocker, TrueCrypt and others
X Corporate edition is the digital forensic and incident response solution with enhanced analytical functionality specifically developed to meet the business requirements of large corporate organizations, which prefer to have a DFIR team in-house or provide DFIR services. Corporate incident responders can take advantage of a combination of X Forensic capabilities and advanced X Corporate features incorporated into the product specifically to respond to the demands of corporate customers.
When you purchase this edition, you get all the features available in X FORENSIC edition.
Additionally, you get to:
- Investigate hacking and intrusions into Windows-based computers with the help of Incident Response module
- Find intersections between the currently investigated case and other Belkasoft X cases by using Cross-Case Search functionality
Please contact BTSoftware for pricing