Belkasoft Adds Forensic Support for Windows Phone 8.1, Enables JTAG and UFED Dump Analysis


Belkasoft updates its digital forensic solution, Belkasoft Evidence Center 2015, with the ability to perform forensic analysis of Windows Phone 8.1 images acquired via JTAG flashers and Cellebrite UFED hardware. The new release enables automated extraction, discovery and analysis of user data available in chip-off dumps acquired from mobile devices running Windows Phone 8 and 8.1. Supported data includes Web browsing histories, contacts, call logs, chats, instant message conversations, cached social network communications, screen shots of background applications, and many other types of data.

Forensic Acquisition of Windows Phone 8.1

While the Windows Phone platform is a relative newcomer on the mobile market, Microsoft is determined to capture a larger market share. In absolute numbers, there are currently more than 6 million Windows Phone users in the United States alone, which translates into a 3.6% market share. Windows Phone devices are extremely popular in Europe, accounting for 9.2% of all smartphone sales within the European Union.

Microsoft has tight control over the Windows infrastructure, strictly controlling both hardware and software specs of all Windows smartphones. As a result, all Windows Phone devices not only receive equally high security treatment, but also receive software updates, including security patches, directly from Microsoft. Microsoft’s tight control over its mobile infrastructure makes the Windows Phone platform highly resistant to traditional physical acquisition methods, requiring the use of JTAG and chip-off dumps via UFED hardware to acquire information.

Analyzing Windows Phone 8.1 Dumps

The new release of Belkasoft Evidence Center 2015 enables full support for information dumped or extracted from all Windows Phone 8.1 devices with the use of JTAG or UFED hardware.

Belkasoft Evidence Center 2015 can parse the binary dumps, reconstructing the original file system of the device and enabling experts to browse, view and extract individual files and folders. The tool will automatically search for, extract and analyze the many types of evidence recognized by Belkasoft Evidence Center, including contacts and address books, call logs, communication histories in Skype and third-party messenger apps, browsing history and cached social network conversations.

Page File Analysis

Similar to its desktop counterpart, the mobile version of Windows swaps memory pages into a page file. Because low-memory devices with only 512 MB of RAM dominate, reliance on page files is extremely strong. However, due to the different microprocessor architecture, the format and content of the page file differ significantly. At the same time, page files contain a host of forensically important information, preserving snapshots of the device’s volatile memory and containing essential real-time information that would otherwise be lost once the device has been powered off.

Belkasoft Evidence Center becomes the first digital forensic tool to parse Pagefile.sys files produced by Windows Phone 8.1. The tool will automatically parse the page file, carving all known types of artifacts such as cached Web pages and pictures, chat messages and posts in social networks.

Screen Shots of Minimized Applications

Windows Phone devices can only run one app in the foreground. Background applications are minimized and often pushed out of the volatile memory. When Windows Phone minimizes an app, the system captures and stores its screen shot. Depending on the application, the screen shot may display current user activity such as the currently visited Web page or social network profile, an open chat session, or a picture or video being viewed. Information captured with these screen shots is often unavailable elsewhere.

Belkasoft Evidence Center recognizes the importance of application screen shots, targeting these images specifically during carving and displaying them in a dedicated section.

About Belkasoft Evidence Center 2015

Belkasoft Evidence Center is a digital forensic solution enabling security experts and forensic specialists to collect and analyze digital evidence from computers and mobile devices. Belkasoft Evidence Center can automatically locate, process and analyze evidence stored inside hard drives, forensic images and dumps. Hundreds of evidence types are supported out of the box, such as documents, emails, pictures and videos, chats and browser histories, encrypted and system files.

Low-level access to hard disk and system structures means that even data that’s been deleted by a suspect cannot escape from investigators. Supporting Windows, Unix/Linux, Android and Mac OS X file systems, natively mounting images created in EnCase and FTK, DD and SMART formats, UFED, chip-off and JTAG binary dumps, X-Ways containers and many popular virtual machines without using these or any third-party tools, Belkasoft Evidence Center can collect more evidence than any single competing tool in its class.

Pricing and Availability

Belkasoft Evidence Center 2015 is available immediately. Pricing for Evidence Center Chat Analyzer edition starts from $199.95, while the Ultimate edition is available from $1099.95. There are two editions in between.

About Belkasoft

Founded in 2002, Belkasoft is a computer forensics software manufacturer. Belkasoft products back the company’s "Forensics made easier" slogan, offering IT security experts and forensic investigators solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate.

Belkasoft Evidence Center 2015 is a world-renowned tool used by thousands of customers for conducting digital forensic investigations, as well as for law enforcement, intelligence and corporate security applications. Belkasoft customers include government and private organizations in more than 60 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.

Belkasoft D-U-N-S number 683524694.
Belkasoft NATO Commercial and Government Entity (NCAGE, also CAGE) code SKF09.
Belkasoft is also registered within Central Contractor Registration (CCR), ORCA and WAWF.
Belkasoft is a registered trademark.

More information about the company and its products at http://belkasoft.com

# # #

Information on Belkasoft Evidence Center as well as the free demo download are available at http://belkasoft.com/get


Contact Author

Yuri Gubanov
Belkasoft
+7 8129211201