Belkasoft Evidence Center 8.4 Offers Advanced Mobile Forensics

Share Article

Belkasoft rolls out a major update to Belkasoft Evidence Center 2017. The new release delivers major improvements in mobile forensics, offering low-level data extraction from Android smartphones and logical and over-the-air acquisition of iOS 10.x devices.

Belkasoft updates Belkasoft Evidence Center 2017, offering new acquisition options to mobile forensic experts. Version 8.4 enables low-level physical acquisition of rooted Android devices, and enables logical and over-the-air extraction of iOS devices running the latest versions of iOS 10.

“Evidence Center is quickly becoming an all-in-one forensic acquisition and analysis tool,” says Yuri Gubanov, Belkasoft CEO. “What started as a dedicated desktop forensic tool now becomes a fully-featured suite that allows extracting, handling and analyzing evidence from a plethora of devices. The latest additions offer better compatibility with the last versions of iOS, and provide experts with a low-level acquisition option for rooted Android devices.”

Low-Level Android Extraction

Belkasoft Evidence Center 8.4 enables physical acquisition of Android devices. The new low-level acquisition algorithm requires superuser rights in order to access information. As a result, the physical acquisition method is designed to work on Android handsets that can be unlocked and either have root access already or can be rooted by the investigator.

Belkasoft’s physical acquisition technique works on all rooted devices regardless of encryption. While some other physical acquisition techniques may require unlocking the bootloader or making use of the low-level programming mechanism, most of those methods will fail to deliver meaningful evidence if full-disk encryption is enabled on the device. Notably, full-disk encryption is automatically enabled on Android handsets running Android 6.0 and newer, which, according to Google account for some 40.7% of all Android devices.

Belkasoft’s root-based extraction works regardless of the encryption status of a device. If a device is rooted, Belkasoft Evidence Center can successfully access information even when extracting a device with full-disk encryption enabled.

Logical and Over-the-Air Acquisition of iPhones and iPads running iOS 10

In addition to Android devices, Belkasoft Evidence Center 8.4 adds support for iPhone and iPad devices running the latest version of iOS, the iOS 10. For iOS devices, Belkasoft Evidence Center 8.4 supports logical acquisition as well as over-the-air extraction from iCloud.

The new release now supports iTunes-style offline backups produced by iPhone and iPad devices running iOS 10 through 10.3.3. Both plain and encrypted, password-protected backups are supported. If a backup is protected with an unknown password, experts can use the optional Decryption Module to attack the password.

Belkasoft Evidence Center 8.4 supports over-the-air acquisition of iOS cloud backups stored in Apple’s iCloud. The new release adds support for iCloud backups produced by the latest versions of iOS 10 up to and including iOS 10.3.3. The ability to remotely access device data without requiring physical access to the device itself can be crucial for many types of investigations.

Network-Based Licensing

Belkasoft Evidence Center 8.4 now supports a new network-based licensing scheme for customers using a physical dongle. Since this release, customers whose licenses are delivered via a USB dongle will no longer have to physically attach the dongle to the computer where they run Belkasoft Evidence Center. Instead, they can use Evidence Center on any computer within their local area network while the dongle is connected to any PC on that network. Please note that the number of concurrent users may not exceed the number licensed via the dongle.

About Belkasoft Evidence Center

Belkasoft Evidence Center is a world-renowned tool used by thousands of customers for conducting computer and mobile forensic investigations. Belkasoft Evidence Center can automatically discover, extract and analyze evidence from a wide range of sources including computer hard drives and disk images in all popular formats, memory dumps, mobile backups and chip-off dumps. The tool can capture and analyze volatile evidence stored in the computer’s RAM, identify encrypted files, carve Internet chat logs, Web browsing history and email communications including information stored in digital pictures and videos. The ability to process office documents in a wide range of formats enables investigators to perform near-instant full-text search among all the documents discovered on the suspect’s PC.

Low-level access to hard disk and system structures means that even data that has been deleted by the suspect cannot escape from investigators. Supporting Windows, Unix/Linux, Android and Mac OS X file systems, natively mounting images created in EnCase, FTK, X-Ways, DD and SMART formats, UFED, JTAG and chip-off binary dumps, and many popular virtual machines without using any third-party software, Belkasoft Evidence Center can collect more evidence than any single competing tool in its class.

About Belkasoft

Founded in 2002, Belkasoft is a global leader in digital forensics technology, known for their sound and comprehensive forensic tools. With a team of professionals in digital forensics, data recovery and reverse engineering, Belkasoft focuses on creating technologically advanced yet easy-to-use products for investigators and forensic experts to make their work easier, faster, and more effective.

With this focus in mind, Belkasoft introduces their flagship product, Belkasoft Evidence Center – an easy-to-use, integrated solution for collecting and analyzing digital evidence from mobile and computer devices. Customers in law enforcement, police, military, business, intelligence agencies, and forensic laboratories in 130+ countries worldwide use Belkasoft products to fight homicide, crimes against children, drug trafficking, data leakage, fraud, and other online and offline crimes.

Belkasoft D-U-N-S number 080602487. Belkasoft is registered as NATO Commercial and Government Entity (NCAGE, CAGE), Central Contractor Registration (CCR), ORCA and WAWF.

More information about the company and its products at https://belkasoft.com

# # #

Information on Belkasoft Evidence Center: https://belkasoft.com/ec
Download free trial: https://belkasoft.com/get
Free webinar: https://belkasoft.com/webinar
Complete change log: https://belkasoft.com/new

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Yuri Gubanov
Belkasoft
+7 9119211201
Email >
Visit website