Belkasoft Evidence Center 6.0 Carves Android and Windows Registry Items, Supports Visual Timeline and Drops Prices
St. Petersburg, Russia (PRWEB) November 20, 2013 -- Belkasoft announces a major update to its flagship forensic product, Belkasoft Evidence Center 2014. The new version adds Windows Registry and Android carving, extends carving of fragmented memory sets, processes forensic disk images in multiple formats, and introduces a visual event timeline. The new Registry Viewer allows accessing damaged and corrupted Registry hives. With version 6.0, Belkasoft announces a major price drop on the two starter editions.
New in Belkasoft Evidence Center 6.0
The visual timeline presents all system and user-originated events in a single visual layout. The new timeline allows investigators to glance over suspect’s activities or scrutinize a particular period of time faster and without switching between multiple views.
Evidence Center 6.0 introduces carving support for Android images and backups.
Evidence Center 6.0 adds support for a range of disk image formats including VMDK, VDI, AFF, UFED, RAW, and *.000, enabling investigators analyzing images obtained from popular virtual machines and produced by disk imaging kits.
Improved Fragmented RAM Analysis
Volatile data in the computer’s RAM is rarely stored in contiguous fashion. Instead, information is split into chunks randomly distributed among the physical cells of computer’s memory. Traditional RAM analysis algorithms attempting to analyze volatile evidence struggle with memory sets.
The previous version of Belkasoft Evidence Center introduced BelkaCarving, an algorithm to reconstruct fragmented chunks into contiguous pieces of information. However, back then BelkaCarving only supported memory dumps obtained from Windows 7.
The ability to recover evidence from fragmented memory dumps with Live RAM analysis is greatly improved with enhanced BelkaCarving engine. In Evidence Center 6.0, BelkaCarving is greatly improved and extended to support memory images captured from systems running Linux x32, Android, and all 32-bit and 64-bit versions of Windows.
Visual Timeline
Evidence Center 6.0 introduces a new graphical view of suspect’s activities. The new graphical Timeline displays all discovered user activities and system events in a single chart. By using the Timeline, investigators can investigate suspect’s activities over a certain time period without having to switch views.
Windows Registry Carving and Viewing
Windows Registry contains a large number of forensic artifacts that can be invaluable for an investigation. Valuable evidence available in Windows Registry includes MRU of various applications (e.g. MS Office, Acrobat Reader etc.), UserAssist and application startup data, list of connected USB devices, network cards, wireless profiles and many other types of artifacts.
In version 6.0, Belkasoft Evidence Center gains the ability to carve information out of damaged, partial or fragmented Registry files, enabling access to destroyed evidence stored in deleted Registry hives.
The newly added Registry Viewer is included to allows investigators accessing Registry artifacts stored in damaged, corrupted or incomplete Registry files that cannot be opened with Windows Regedit.
Lower Prices and New Editions
With this release, Belkasoft tidies up the range and offers two new entry-level editions for a significantly lower price than ever before. With two new editions introduced, Evidence Center becomes more affordable and more feature-rich at the same time.
The entry-level edition is now priced at only 40% of the price of the previous starter edition, Forensic IM Analyzer, while inheriting all the features of the now discontinued edition. Chat & Social Analyzer has more features compared to the Forensic IM Analyzer (discontinued), offering Live RAM analysis and carving while selling for the same price as the identically priced discontinued edition. The complete product range can be reviewed at http://belkasoft.com/bec/en/Whats_New_In_Version_6.0
About Belkasoft Evidence Center 2014
Belkasoft Evidence Center is the company’s flagship computer forensic tool enabling security experts and forensic specialists collect and analyze more digital evidence than ever. Belkasoft Evidence Center can automatically locate, process and analyze volatile evidence stored in the computer’s RAM, identify encrypted files, carve Internet chat logs, Web browsing history and email communications including information stored in digital pictures and videos. The ability to process office documents in a wide range of formats enables investigators to perform near-instant full-text search among all the documents discovered on the suspect’s PC.
Low-level access to hard disk and system structures means that even data that’s been deleted by the suspect cannot escape from investigators. Supporting Windows, Unix/Linux and Mac OS X file systems and natively mounting images created in EnCase, DD and SMART formats, FTK images and many popular virtual machines without using these or any third-party tools, Belkasoft Evidence Center can collect more evidence than any single competing tool in its class.
Pricing and Availability
Belkasoft Evidence Center 2014 is available immediately. Pricing for Evidence Center Chat Analyzer edition starts from $199.95, while the Ultimate edition is available from $1099.95. There are two editions in between.
About Belkasoft
Founded in 2002, Belkasoft is a computer forensic software vendor. Belkasoft products back the company’s "Forensics made easier" slogan, offering IT security experts and forensic investigators solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate.
Belkasoft Evidence Center 2014 is a world renowned tool used by thousands of customers for conducting forensic investigations, as well as for law enforcement, intelligence and corporate security applications. Belkasoft customers include government and private organizations in more than 40 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.
More information about the company and its products at http://belkasoft.com
# # #
Information on Belkasoft Evidence Center as well as the free demo download are available at http://belkasoft.com/trial
The complete list of additions and enhancements in version 6.0 is available at http://belkasoft.com/bec/en/Whats_New_In_Version_6.0
Yuri Gubanov, Belkasoft, http://belkasoft.com, +7 8129211201, [email protected]
Share this article