(PRWEB) September 19, 2011
Case 1: Unauthorized Money Transfers
Group-IB, a leading commercial investigator in Russia, was approached by a major bank. The bank’s managers had detected unauthorized money transfers in its systems; apparently, the bank’s money transfer system had been exploited from outside. A hard drive image and firewall logs were analyzed in the lab, revealing that the computer in question had been accessed remotely. In order to discover additional evidence, the lab examined Web browser logs and user profiles; no suspicious activity was found.
At this point, the analysts used Belkasoft Evidence Center, which quickly revealed that the party of interest had been operating under the SYSTEM user profile. The directory structure of that profile folder was highly atypical for a system profile, a clear indicator of malicious activity: browsing artifacts under the SYSTEM profile belong to a process running as that account, not to an interactive user. From there, investigators used Belkasoft Evidence Center to retrieve the Internet Explorer history, revealing the exact URLs visited by the party of interest. The analysis produced the exact location on an FTP server of the malicious code used to access the computer remotely.
The case ended with the lab able to reconstruct its chronology and identify the IP addresses used by the party of interest. Without the help of Belkasoft Evidence Center, investigators could easily have missed the fake system profile, as such techniques are rarely employed by criminals.
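The check at the heart of Case 1, recovering the URLs that a browser recorded under a service account’s profile, as an added example that is not part of the original release and not Belkasoft’s or Group-IB’s code: a small Python URL carver run over a constructed index.dat-style fragment. Only the "Visited: account@url" form of Internet Explorer history entries is taken from the real format; the hosts, paths, the jsmith account and the byte layout of the sample are invented, and the list of binary extensions is an assumption. Carving, here and in the "carving" feature mentioned in Case 2, means scanning raw bytes for recognizable content without relying on the file’s own structure, so the same function also runs over a pagefile or an unallocated-space dump.

```python
"""URL carving from raw browser-artifact bytes, as a triage check for browsing
activity recorded under a service account such as SYSTEM."""
import mmap
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Accounts under which no interactive browsing is expected. A history entry
# recorded under one of these points at a process (a service, a remote-access
# tool) that used the browser's network stack, not at a logged-on user.
SERVICE_ACCOUNTS = frozenset({"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"})

# IE history index.dat stores visited entries as "Visited: <account>@<url>".
# Everything else is carved generically: a printable run starting with a scheme
# we care about (ftp:// included, since that is what located the malware above).
_URL = rb"(?:https?|ftp)://[\x21-\x7e]+"
VISITED_RE = re.compile(rb"Visited: (?P<account>[^@\x00]{1,64})@(?P<url>" + _URL + rb")")
URL_RE = re.compile(_URL)

# Constructed sample standing in for an index.dat fragment from a SYSTEM
# profile. The "Client UrlCache MMF" header and "URL " record tags mimic the
# real file; hosts, paths and the jsmith account are invented.
SAMPLE_INDEX_DAT = (
    b"Client UrlCache MMF Ver 5.2\x00" + b"\x00" * 37
    + b"URL \x02\x00\x00\x00" + b"\x00" * 60
    + b"Visited: SYSTEM@http://203.0.113.10/cp/login.php\x00" + b"\x00" * 20
    + b"URL \x01\x00\x00\x00" + b"\x00" * 60
    + b"Visited: SYSTEM@ftp://203.0.113.10/pub/upd/svchost.exe\x00" + b"\x00" * 10
    + b"URL \x01\x00\x00\x00" + b"\x00" * 60
    + b"Visited: jsmith@http://www.example.com/news\x00"
)

# Assumed set of extensions worth flagging as fetched binaries.
BINARY_EXTS = (".exe", ".dll", ".scr", ".zip", ".rar")


def carve_urls(blob) -> List[Dict[str, object]]:
    """Return every URL in blob (bytes or mmap), ordered by offset, with the
    account it was recorded under when a "Visited:" record says so."""
    hits: List[Dict[str, object]] = []
    claimed = set()
    for m in VISITED_RE.finditer(blob):
        hits.append({"offset": m.start("url"),
                     "account": m.group("account").decode("ascii", "replace"),
                     "url": m.group("url").decode("ascii", "replace")})
        claimed.add(m.start("url"))
    for m in URL_RE.finditer(blob):
        if m.start() not in claimed:  # bare URL with no account context
            hits.append({"offset": m.start(), "account": None,
                         "url": m.group().decode("ascii", "replace")})
    hits.sort(key=lambda h: h["offset"])
    return hits


def carve_file(path: str) -> List[Dict[str, object]]:
    """Carve a whole file (index.dat, pagefile.sys, unallocated-space dump)
    through mmap, so a URL can never straddle a read-chunk boundary."""
    with open(path, "rb") as fh, mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return carve_urls(mm)


def service_account_hits(hits: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Entries recorded under a service account: the Case 1 indicator."""
    return [h for h in hits
            if h["account"] and str(h["account"]).upper() in SERVICE_ACCOUNTS]


def hosts_by_count(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Contacted hosts (often bare IPs, as in the case) with hit counts."""
    counts: Dict[str, int] = {}
    for h in hits:
        host = urlsplit(str(h["url"])).hostname or "?"
        counts[host] = counts.get(host, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


def binary_downloads(hits: List[Dict[str, object]]) -> List[str]:
    """URLs whose last path segment ends in an assumed binary extension; this
    is the kind of entry that exposed the FTP location of the remote-access tool."""
    out = []
    for h in hits:
        last = urlsplit(str(h["url"])).path.rsplit("/", 1)[-1].lower()
        if last.endswith(BINARY_EXTS):
            out.append(str(h["url"]))
    return out


if __name__ == "__main__":
    found = carve_urls(SAMPLE_INDEX_DAT)
    for h in found:
        print(f"{h['offset']:#08x}  {h['account'] or '-':<10} {h['url']}")
    print("hosts:", hosts_by_count(found))
    print("service-account browsing:", [h["url"] for h in service_account_hits(found)])
    print("binary downloads:", binary_downloads(found))
```

Two caveats when using this on real evidence. index.dat stores URLs as ASCII, but other Windows artifacts (registry TypedURLs, many application logs) hold UTF‑16LE, so those need a second pass with a wide-character pattern. Carving recovers strings, not records: visit timestamps and hit counts require a format-aware parser of the index.dat record headers, which is the gap a dedicated tool fills.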
Case 2: Analyzing Seized Laptops under Time Constraint
In this case, Group-IB was instructed to analyze a number of seized laptops. Email and chat communications stored on the laptops’ hard drives were under investigation. Group-IB tried a number of tools, only to find that they failed on the large email databases. This, together with urgent time constraints, led Group-IB to use Belkasoft Evidence Center.
None of the other tools helped retrieve the data in question. Group-IB used Belkasoft Evidence Center to gain full access to messages stored in Outlook email databases. The so-called ‘carving’ feature of Belkasoft Evidence Center helped investigators recover both current and deleted messages from instant messenger logs.
A number of deleted Skype and QIP 2010 messages were restored, and IM user profiles were discovered in non-standard locations. As a result, all message histories were successfully retrieved and saved in readable form, producing over 6,000 pages of message logs that were made available to the customer in plain-text format. The case was solved promptly, within the original tight deadline.
About Belkasoft Evidence Center
Belkasoft’s flagship computer forensic tool helps security and forensic specialists collect and analyze digital evidence from PCs more easily. Belkasoft Evidence Center automatically locates, processes and analyzes Internet chat logs, Web browsing history and email communications, including stored passwords, cached forms, information stored in cookies, digital pictures, mailboxes and system files. Low-level access to the hard disk and system structures means that even data deleted by the suspect cannot escape investigators.
The affordable Standard edition is available to private investigators and corporate security departments, while the more comprehensive Enterprise edition allows major security agencies and police departments to have multiple investigators work simultaneously on a case.
Pricing and Availability
Belkasoft Evidence Center 3.0 is available immediately. Standard and Enterprise editions are available for $999.95 and $9999.95 respectively.
Founded in 2002, Belkasoft is an independent software vendor specializing in computer forensics and IT security software. Running on the Microsoft Windows platform, Belkasoft products back the company’s "Forensics made easier" slogan, offering IT security experts and forensic investigators solutions that work right out of the box, without a steep learning curve or any special skills to operate.
Along with the flagship Belkasoft Evidence Center, Belkasoft is also marketing Forensic IM Analyzer, Forensic Studio, Forensic Carver, Browser Analyzer and other products used in forensic investigations, law enforcement, intelligence, corporate security and parental control applications.
Belkasoft customers include the FBI, US Army, US Secret Service, police departments in Germany, Norway, Australia, and New Zealand, PricewaterhouseCoopers, and Ernst & Young.
More information about the company and its products is available at http://belkasoft.com
Group-IB (http://www.group-ib.com) is Russia’s leading computer security company specializing in computer forensics, digital crime and information security breach investigations. The company is a part of LETA Group.
Belkasoft made the demo version available for free download at http://belkasoft.com/bec/en/Evidence_Center.asp