Using EnCase with the Latest Release of Belkasoft Evidence Center

Yuri Gubanov, Belkasoft

Belkasoft has just updated its digital forensics suite, Belkasoft Evidence Center, making the tool a true, all-in-one forensic solution. When seamlessly integrated with EnCase, the two tools can cover nearly every digital forensic need. Belkasoft Evidence Center helps you jump-start investigations by automatically discovering evidence gathered from many different sources.

In its biggest update in two years, Belkasoft has done more than learn a few new tricks. It now extracts and analyzes evidence from pretty much any data source you can imagine. Hard drives and drive images with Windows, Linux, Ubuntu, and many other operating systems; smartphone backups in all popular formats; UFED images and chip-off dumps; live memory dumps; and many virtual machines can be scanned for available evidence. This major update turns Belkasoft Evidence Center into a true, all-in-one digital forensic tool.

We added several new modules to bring about these changes.


Evidence Discovery Module

The newly added File System module allows reading the complete file system of a device, dump, drive or memory image, mobile phone or tablet. This new module displays data stored in all volumes and partitions, files and folders, including special files and folders such as $OrphanFiles, $Log, $BadClus etc.

The File System module supports a wide range of file systems used in Windows, Linux (including Linux forks such as Android and Ubuntu), Mac OS X and iOS.

Custom Scripting Engine

Small things can create a great usage experience – or totally ruin it. A simple, routine operation repeated a hundred times every day can quickly make using even the best tool a nightmare.

In this release, Belkasoft Evidence Center addresses this issue by allowing its users automate routine operations or automate just about any task. The newly introduced custom scripting engine uses a C#-like programming language, making the tool infinitely extensible with Belkasoft and third-party modules.

The new scripting engine makes creating add-on modules easy. Users can write their own modules to add product features and extend its functionality. These modules are seamlessly integrated into the user interface and enjoy access to raw data and extracted evidence. By assigning a dedicated hot key or toolbar button to a new module, users can automate repeat operations.

Belkasoft offers a bunch of ready-made scripts along with their full source codes in simplified C#. To give an example, one of the sample scripts implements custom carving using a pre-defined signature. The new scripting mechanism makes it easy to share and exchange custom scripts.

More Enhancements

What else is new in Belkasoft Evidence Center 7.0? Major improvements to Live RAM analysis enable convenient extraction and analysis of running processes. The newly added Hex Viewer enables binary analysis of any file on the disk, disk image, process or a memory dump.

Belkasoft Evidence Center continues delivering extensive acquisition and analytic support out of the box, discovering evidence in many popular formats such as email, documents, mobile apps, SQLite databases, registry and system files, Internet chats and social networks, pictures, videos and many more. The number of supported evidence types in Belkasoft Evidence Center 7.0 exceeded 500.

Improved EnCase Integration

Leveraging the scripting capability, Belkasoft Evidence Center is seamlessly integrated with Guidance Software EnCase. Working together, the two products can cover every digital forensic need. With Belkasoft Evidence Center, users can jump-start their investigations by automatically discovering evidence gathered from the many different sources. Analyzing collected data in EnCase Forensic delivers powerful and comprehensive crime-solving abilities.


EnCase App Central Partner of the Month

The improvements in Belkasoft Evidence Center have earned the company the EnCase® App Central Partner of the Month honor for the second time since the store opened nearly two years ago. With investigations involving social media exploding in volume, a tool like Belkasoft Evidence Center is critital to finding potential evidence not only for law enforcement, but also for corporate IT for security, e-discovery collections, and cases involving human resources policy violations.

For a free 30-day trial of Belkasoft Evidence Center, please visit http://belkasoft.com/get. And for a demonstration of the tool, don't miss our upcoming webinar featuring Belkasoft's own Yuri Gubanov and Oleg Afonin on March 18th, 2015.


Yuri Gubanov is the founder and CEO of Belkasoft. 

Originally published in Forensic magazine.
Originally published in Forensic magazine.

No comments :

Post a Comment