Belkasoft Evidence Center 2013
Belkasoft Evidence Center makes it easy for an investigator to search, analyze, store and share digital evidence found on the hard drive or the computer's volatile memory. The toolkit makes it easy locating and analyzing information found in instant messenger logs, internet browser histories, mailboxes of popular email clients, social network remnants, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files, mobile backups and system files.
Benefits
Belkasoft Evidence Center offers a number of important benefits making the product a perfect match for law enforcement, military, intelligence and business customers.
- Forensically sound solution
Does not alter or modify data on hard drives or disk images being investigated. - Comprehensive examination
Discovers more than 400 types of artifacts, supporting all major IM’s, browsers, email clients, social networks, P2P and file transfer tools etc. Search includes Volume Shadow Copy and other special Windows areas. - Less missing evidence
Looks for hidden data, searches unusual places and examines files in little-known formats to discover more evidence than ever. - Blazing fast operation
Analyzes information at the rate of disk data transfer, utilizing today's multi-core CPU's to their max. - Easy to share evidence
The free Evidence Reader add-on offers an easy way to to transfer or share collected evidence at no extra charge.
- Quick to learn and easy to use
Designed to be usable in the field, Belkasoft Evidence Center is extremely easy to operate, and feasible even for single-incident investigations. - Usable in the field
Portable edition can be plugged into any PC with no installation or configuration required. - Reports can be presented in court
Generates clean and concise reports that can be presented to the court. - Recovers destroyed evidence
Data carving allows locating evidence that was deleted, destroyed, or never stored on the hard drive at all (page file, hibernation file and live RAM analysis). Read more - Collaboration support
Enterprise edition allows working on cases together with set permissions and centralized data storage. - Trusted solution
Forensic investigators all over the world, Fortune 500 companies and multiple private security specialists use Belkasoft software. Customers include the FBI, the US Army, German police, and more than thousand government organizations from over 40 countries. More information
Less Missed Evidence
Belkasoft Evidence Center can locate a huge number of artifacts, retrieving user’s chats, communications, Web browsing and file sharing activities occurring in a wide range of software. These artifacts include:
- All major office document types (Microsoft Office, OpenOffice, PDF, RTF)
- All major 80+ instant messengers (Windows, Mac OS X and Linux)
- All major Web browsers
- All popular email clients
- Major peer-to-peer (P2P) software
- Social networks and cloud applications
- Encrypted files detection for more than 150 encrypted file types
- Popular online multi-player games
- Still images and video files analyzed for pornography, faces and embedded text (e.g. scanned documents) in more than 90 picture formats!
- Mobile device backups (iPhone, iPad and Blackberry)
- System files including Jumplists, Thumbnail files (Windows 7 and older, as well as Windows 8 new format), SQLite databases
NOTE: The list of supported artifacts may vary between the different editions of the product.
Major Features
- Case Management
Evidence can be stored broken by cases - Evidence Reader
Allows unlimited sharing of discovered evidence at no extra charge - Portable Live RAM Capturer
Makes memory dumps in kernel mode, acquiring memory sets even if protected with active anti-debugging systems - Data Carving and Live Memory Analysis
Recovers deleted and destroyed evidence as well as evidence stored in memory dumps, page and hibernation files. More on Live memory (RAM) analysis and page/hibernation file analysis - Kernel-Mode RAM Capturer
Portable kernel-mode Live RAM Capturer available free of charge to acquire system memory sets protected with active anti-dedugging systems - Industry standard
Mounts EnCase, SMART and DD images including Windows, Linux and Mac OS X drives. Integrated with EnCase v.7 and Passware Kit Forensic - Large case support
Cases containing hundreds of gigabytes of evidence are supported - Easy collaboration
Enterprise edition allows for multi-user simultaneous work - Persistent data analysis
Analyzed data will be persistently stored in the database
NOTE: The list of features may vary between different editions of the product.
See also
- Features in detail
- Quick start
- Product help
- Installation instructions
- Compare editions
- What's new in version 5.3