By covering all major steps of forensic investigations, Belkasoft joins the big boys’ club of the world’s leading digital forensic solution providers offering all-in-one forensic solutions.
St. Petersburg, Russia (PRWEB) May 19, 2014
Belkasoft announces Belkasoft Acquisition and Analysis Suite, an all-in-one toolkit to perform forensic acquisition, evidence discovery and analysis. By covering all major steps of digital forensic investigations, Belkasoft joins the big boys’ club of the world’s leading digital forensic solution providers offering all-in-one forensic solutions.
The new product consists of tightly integrated hardware and software components, and ships with a portable memory acquisition tool, forensic-grade disk imaging hardware and comprehensive evidence discovery and analysis software.
Enabling the Full Forensic Cycle
Belkasoft Acquisition and Analysis Suite covers the complete investigation cycle from the acquisition stage to evidence discovery, analysis and reporting. The toolkit comes with everything required to acquire a running PC, and supplies tools for capturing memory dumps, imaging hard drives and acquiring USB devices. During the analytic stage, investigators can discover existing, hidden and destroyed evidence, analyze data, and perform a comprehensive examination of discovered evidence. The Suite comes with full reporting capabilities and allows sharing, archiving and managing evidence.
The Suite consists of a set of tightly integrated hardware and software, and includes the following components:
- Portable RAM acquisition tool (USB pen drive with pre-installed kernel-mode memory dumping software)
- Hard drive imaging hardware and software supporting SATA/IDE/USB storage media
- Powerful analytic software for discovering and analyzing acquired evidence
- Tools for sharing collected evidence allowing effective collaboration at no extra charge
Belkasoft Acquisition and Analysis Suite is open to users of third-party forensic tools. The Suite does not use proprietary file formats, allowing investigators to use memory dumps and drive images acquired with Belkasoft Acquisition and Analysis Suite with third-party analytic software. At the same time, Belkasoft Acquisition and Analysis Suite supports all popular forensic image formats, allowing its users to analyze memory dumps and drive images created with other forensic tools.
Portable Memory Acquisition Tool
Capturing the dump of the computer’s volatile memory (RAM) is an essential step that is often omitted. Considering the rapidly growing popularity of Whole Disk Encryption and cloud services, it becomes vital for an investigation to acquire a memory dump first, before triggering the power switch.
Memory dumps routinely contain information that could be essential for an investigation, including binary decryption keys for encrypted volumes (TrueCrypt, BitLocker, PGP WDE), recently viewed pictures, loaded registry keys, recent Facebook communications, emails sent and received via Web services such as Gmail or Hotmail, active malware, open remote sessions, and so on.
Belkasoft Acquisition and Analysis Suite supplies a portable tool for capturing RAM dumps. The tool uses 32-bit and 64-bit code to run in the system’s most privileged kernel mode, which guarantees acquisition of the complete content of the computer’s RAM even if an active anti-dumping system is running. Sized under 20 KB, Belkasoft Live RAM Capturer ensures the industry’s smallest acquisition footprint while preserving the maximum amount of data.
The forensically sound tool is portable, read-only and ready to run out of the box.
Drive Imaging Toolkit
Creating a forensic image of the suspect’s hard drive is an essential step and a must-do in any investigation. Belkasoft Acquisition and Analysis Suite offers a combination of hardware and software to help investigators acquire forensic disk images while overcoming all possible issues.
The hardware is designed to acquire hard drives damaged to the point where competing imaging products stall. The expert is in full control of how reading errors are processed. The product reports any issues immediately, without the need to wait until the imaging completes.
Belkasoft Acquisition and Analysis Suite can bypass ATA passwords including those found in the latest SATA 6 drives. HPA/DCO protection can be reset automatically if present.
The hardware supports cloning and imaging to a file, and can make up to 3 copies of a source device with a SATA, IDE or USB interface. The receiving device can be a SATA, SSD or USB drive or a file. Disk images can be uploaded onto a remote PC via an Ethernet connection. Full remote control operation is supported.
Evidence Discovery and Analysis Software
Belkasoft Acquisition and Analysis Suite uses Belkasoft Evidence Center software enabling investigators to discover and analyze evidence collected with memory acquisition and drive imaging tools.
Belkasoft Evidence Center enables security experts and forensic specialists to collect and analyze more digital evidence than ever. The product can automatically locate, process and analyze volatile evidence stored in the computer’s RAM, identify encrypted files, process documents, SQLite databases and system files, analyze backups and dumps of iPhone/iPad/Android/Blackberry smartphones, carve Internet communications and browsing history, and analyze pictures and videos. The ability to process office documents in a wide range of formats enables investigators to perform near-instant full-text search among all the documents discovered on the suspect’s PC.
Low-level access to hard disk and system structures means that even data that’s been deleted by the suspect cannot escape from investigators. Supporting Windows, Unix/Linux, Android and Mac OS X file systems, natively mounting images created in EnCase, FTK, DD and SMART formats, UFED and chip-off binary dumps, and many popular virtual machines without using these or any third-party tools, Belkasoft Evidence Center can collect more evidence than any single competing tool in its class.
Belkasoft Acquisition and Analysis Suite includes a portable tool for sharing collected evidence at no extra charge. Belkasoft Evidence Reader allows colleagues and co-workers to access evidence collected during an investigation from any computer, even if Belkasoft Evidence Center is not installed.
About Belkasoft Acquisition and Analysis Suite
Belkasoft Acquisition and Analysis Suite is the company’s flagship computer forensic toolkit enabling the complete digital forensic cycle: from RAM acquisition and disk imaging to evidence discovery, data analysis, reporting and sharing evidence.
The Suite consists of a set of hardware and software pieces including a portable volatile memory acquisition tool, disk imaging/cloning hardware and software, and a powerful analytic toolkit enabling discovery and examination of acquired evidence, powerful reporting and sharing.
As each item on the list covers one of the steps in a forensic investigation, Belkasoft Acquisition and Analysis Suite delivers the complete solution for performing the full forensic cycle during a digital investigation.
Pricing and Availability
Belkasoft Acquisition and Analysis Suite is available for pre-ordering. Law enforcement customers get special pricing. Request a quote at http://belkasoft.com/quote.
Founded in 2002, Belkasoft is a computer forensics software manufacturer. Belkasoft products back the company’s "Forensics made easier" slogan, offering IT security experts and forensic investigators solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate.
Belkasoft Evidence Center 2014 is a world-renowned tool used by thousands of customers for conducting forensic investigations, as well as for law enforcement, intelligence and corporate security applications. Belkasoft customers include government and private organizations in more than 60 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.
Belkasoft D-U-N-S number 683524694.
Belkasoft NATO Commercial and Government Entity (NCAGE, also CAGE) code SKF09.
Belkasoft is also registered within Central Contractor Registration (CCR), ORCA and WAWF.
Belkasoft is a registered trademark.
More information about the company and its products is available at http://belkasoft.com
Information on Belkasoft Acquisition and Analysis Suite is available at http://belkasoft.com/baas