Belkasoft Evidence Center 2020使調查人員可以輕鬆獲取,搜索,分析,存儲和共享在計算機和移動設備,RAM和雲中發現的數字證據。該工具包將通過分析硬盤驅動器,驅動器映像,雲,內存轉儲,iOS,Blackberry和Android備份,GrayKey,UFED,OFB,Elcomsoft,TWRP映像,JTAG和碎片轉儲來快速從多個來源提取數字證據。中心將自動分析數據源,並佈置最具有法律意義的重要文物,供調查人員檢查,更仔細地檢查或添加到報告中。
BEC用於進行數字調查,通常與在線或離線犯罪,數據恢復,情報和反情報有關。Belkasoft證據中心(又稱BEC)是Belkasoft的旗艦數字取證套件。該產品使調查人員可以輕鬆執行現代數字調查的所有步驟,例如:
從各種設備和雲中獲取數據
工件提取和回收;分析提取的數據
報告;分享證據
Belkasoft Evidence Center 2020 v.9.7是一種一體化的取證解決方案,將移動和計算機取證以及內存,雲和遠程取證以及事件調查整合在一個工具中。 鑑於其價格合理,它是市場上其他可用產品中的最佳選擇之一。在第9.7版中,Belkasoft大大擴展了BEC對各種移動數據源的支持,並改進了其遠程取證模塊。
收購基於MTK的設備;通過MTP / PTP協議進行採集
iOS 13支持;支持小米和華為備份
F2FS文件系統解析與分析
CarPlay分析;遠程取證的重大改進(macOS支持; WMI部署)
修改了連接圖;人工神經網絡對照片進行分析的諸多改進
日語文本的搜索得到改善;大量更新工件提取
x64 | Languages:Multilanguage |
Description:
Belkasoft Evidence Center makes it easy for an investigator to acquire, search, analyze, store and share digital evidence found inside computer and mobile devices, RAM and cloud. The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, cloud, memory dumps, iOS, Blackberry and Android backups, GrayKey, UFED, OFB, Elcomsoft, TWRP images, JTAG, and chip-off dumps.Evidence Center will automatically analyze the data source and lay out the most forensically important artifacts for investigator to review, examine more closely or add to report.
Comprehensive examination
Discovers more than 1000 types of the most forensically important artifacts, including over 200 mobile applications, all major document formats, browsers, email clients, dozens of picture and video formats, instant messengers, social networks, system and registry files, P2P and file transfer tools, etc. Extracts data from all major operating systems, both computer and mobile: Windows, Linux, macOS, iOS, Android, Windows Phone, Blackberry.
You can use one of the product's powerful analytical features for low-level examinations: SQLite Viewer, Hex Viewer, Registry Viewer—to locate hard-to-access, damaged, and deleted information.
Less missed evidence
Looks for hidden and encrypted information, searches in unusual places, carves deleted and damaged data and examines files in little-known formats to discover more evidence than ever. The search includes unallocated and slack space, $MFT, $Log, Volume Shadow Copy and other special and little known areas of operating systems.
Blazing fast operation
The product allows you to perform evidence search faster than most tools as it does not index every single file found on the data source, instead searching for the most forensically significant types of artifacts. Efficient usage of СPU adds to speediness of processing, as does the code written by our team of highly qualified specialists in data analysis.
Saves your time & effort
Unlike many other forensic products, Belkasoft Evidence Center does not require your constant presence and attention. Most of the routine is automated, allowing multi-tasking and freeing up some of your valuable time.
Forensically sound
Evidence Center is designed to meet the demands of forensic experts and investigators. Workflow is simple and quick, and results are easy to convert into a report. Reports are adjustable, comprehensive, and most importantly, absolutely valid to present in a court as proven by years of user experience. One of the real life examples was a big case of child abuse in Croatia solved using Belkasoft Evidence Center
Team work
The multi-user configuration of Evidence Center (Team Edition) provides teams with the ability to collaborate on the same cases and split the workload.
The Team Edition version allows you to store case data on a central server and access your cases remotely from the same local network. You can work on the same case with another user simultaneously and specify if other users can access your case (read-write, read-only or no access).............
System Requirements:
OS:Windows 7 or Windows 10
CPU:4-core i7 processor with hyperthreading
RAM:16 Gb of RAM (per each instance of the product)
SSD drive as a system disk and big magnetic drive for case data (1Tb or larger)
Storage devices:hard drives and removable media
Disk images:EnCase, AD1, L01/Lx01, FTK, Advanced forensics formats, DD, SMART, X-Ways, Atola, DMG, archive files (such as tar, zip and others)
Virtual machines:VMWare, Virtual PC/Hyper-V, VirtualBox, XenServer
Memory: RAM dumps, Hibernation files, Page files
File systems: APFS, F2FS, FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4, YAFFS, YAFFS2
Acquisition: Available to DD or E01 images with optional hash calculation and verification
-Supported picture formats:3FR, ARW, BAY, BMP, BMQ, CAP, CINE, CR2, CRW, CS1, CUT, DC2, DCR, DDS, DIB, DNG, DRF, DSC, EMF, ERF, EXIF, EXR, FAX, FFF, G3, GIF, HDR, HEIC, IA, ICO, IFF, IIQ, J2C, J2K, JFIF, JNG, JP2, JPE, JPEG, JPG, K25, KC2, KDC, KOA, LBM, MDC, MEF, MNG, MOS, MRV, NEF, NRW, ORF, PBM, PCD, PCT, PCX, PEF, PFM, PGM, PIC, PICT, PNG, PNM, PPM, PSD, PTX, PXN, QTK, RAF, RAS, RAW, RDC, RLE, RPBM, RPGM, RPPM, RW2, RWZ, SGI, SR2, SRF, STI, TGA, TIF, TIFF, WBM, WBMP, WMF, XBM, XPM.
-Picture analysis allows detection of texts, faces, skin tone and scanned text (OCR). ANN (Artificial neural network)-based pornography, gun and narcotic cache detection supported.
-Detection of photo manipulation (forgery) is available with Forgery Detection plugin (extra module)
-The following formats can be carved: GIF, JPEG/JPG, PNG, BMP, WMF
-Supported video formats: 3GP, 3G2, ASF, AVI, DIVX, DRC, F4A, F4B, F4P, F4V, FLV, IFO, M2V, M4P, M4V, MK3D, MKA, MKS, MP2, MP4, MKV, MOV, MPE, MPEG, MPG, MPV, NSV, OGG, OGV, QT, RM, RMV8, SVI, TS, VOB, WEBM, WMV
-Key frame analysis available for 3GP, 3G2, AVI, MP4, MPEG, MPG, WMV, MOV videos
Belkasoft Evidence Center v9.9.4572 (x64)
|