What’s New in Belkasoft Evidence Center 2020 Version 9.9

Belkasoft Evidence Center 2020 v.9.9 (or, in short, BEC) is an all-in-one forensic solution, combining mobile and computer forensics as well as memory, cloud and remote forensics, and incident investigations in a single tool. Given its affordable price, it is one of the best choices among other available products on the market.

The version 9.9 of Belkasoft Evidence Center mostly focuses on two major improvements: correctness of analysis of GrayKey images and zip containers in general, and carving performance. With v.9.9 you can robustly analyze all zip-based data sources. The speed of artifact and file carving is now as quick as never before.

Upgrading to version 9.9 is free to all customers with a non-expired Extended Software Maintenance and Support contract. Customers without a current contract can purchase it from the Customer Portal. Affordable training with optional certification is available.

More on new features

Mobile Forensics

  • GrayKey images analysis massively improved and speed up
  • More improvements in iOS acquisition without jailbreak
  • ADB-based Android device acquisition improved
  • Agent-based Android device acquisition improved
  • Android apps supported or updated
    • Android OneDrive support updated to v. 5.40.4
    • Android Google Docs supported
    • Android Google Maps improved
    • Android Google Translate supported
  • iOS apps supported or updated
    • iOS Yahoo Mail app improved
    • Text extraction improved for iOS Evernote app
    • Attachments for iOS Evernote now extracted properly
    • Contacts extracted from Facebook profiles when analyzing iTunes backup
    • iOS Hangouts messenger supported (including geolocation data extraction)

Computer Forensics

  • Carving performance is significantly improved
  • Zip-based data sources analysis is massively improved
  • Carved data is no more stored in database what will also save significant amount of space for every case
  • Virus Total analysis fixed
  • Analysis of Puffin browser for Windows improved
  • LNK files analysis improvements continued
  • LNK carving and analysis of carved LNK files is significantly improved
  • Reports are improved for LNK artifacts
  • Folder names are extracted for mailboxes of Mail 163 Windows app
  • Windows OneDrive app support updated
  • Issues when creating Key dictionary for password bruteforce are fixed
  • Hex is now displayed for Jumplists and LNK files
  • Incorrect filter criteria by ‘has embedded files’ for Documents fixed

Incident Investigation

  • OpenSavePdl artifacts cleared up
  • Author field extraction fixed for Scheduled Tasks artifacts
  • Prefetch files, Shim cache and Windows Power Shell artifacts presented better
  • Origin path for Prefetch files filled
  • Data from the future extracted for Scheduled Tasks artifacts—fixed
  • Windows RDP-Related Events Log analysis supported

Remote Acquisition

  • Deployment via GPO is available again. Now there are three deployment types: local (using thumbdrive or network share), via WMI, via GPO
  • Remote agent stability improved when Server and Agent are of different versions

SQLite Viewer

  • Carved SQLite unallocated data now always shown on the corresponding page inside SQLite Viewer (it was blank in some circumstances before)
  • SQLite loading made quicker for switching between different artifacts in artifact list
  • Report creation from SQLite Viewer fixed
  • WAL records count properly shown at the bottom of each SQLite Table

Other Improvements

  • Windows Google Drive data extraction improved. Offset is now shown for Google Drive artifacts. Hex now properly highlights them
  • Video keyframe analysis for faces, skin etc improved
  • Length extraction improved for OneDrive artifacts on Windows
  • Google Consent Page fixed for Google Drive and Gmail cloud downloading
  • Incorrect count for pictures in Overview when key frames are presented—fixed
  • The “Copy files” option doesn’t work for videos from Overview—fixed
  • Search terms from cases made with previous BEC version are not displayed on Search Result tab—fixed

Digital Forensic Community