All-in-one forensic solution for acquiring, extracting, and analyzing digital evidence stored inside computers and mobile devices
Trusted by the police around the Globe
Used by thousands forensic experts and police departments from more than 70 countries worldwide
Evidence Center features
- Fully automated acquisition, extraction and analysis of 700+ types of evidence.
- Destroyed and hidden evidence recovery via data carving.
- Live RAM analysis.
- Cloud data downloading and analysis.
- Advanced low-level expertise.
- Concise and adjustable reports, accepted by courts.
Types of evidence supported by Evidence Center
- Office documents.
- Email clients.
- Pictures and videos.
- Mobile application data.
- Web browser histories, cookies, cache, passwords, etc.
- Chats and instant messenger histories.
- Social networks and cloud services.
- System files, including jumplists, thumbnails and event logs.
- Encrypted files and volumes.
- Registry files.
- SQLite databases.
- Peer-to-peer software.
- Plist files.
- Geolocation data.
- Payment systems and crypto currencies.
Types of analysis performed by Evidence Center
- Existing files search and analysis. Low-level investigation using Hex Viewer.
- Data carving and destroyed evidence recovery.
- Live RAM analysis including process extraction and data visualization.
- Cloud data analysis.
- In-depth Volume Shadow Copy support.
- Hibernation file (hiberfil.sys) and page file (pagefile.sys) analysis.
- Native SQLite analysis with freelist and WAL support.
- Discovers deleted SQLite records, e.g. Skype conversations or WhatsApp messages.
- Picture analysis including EXIF and GPS analysis, face/test/pornography/forgery detection.
- Video key frame extraction.
- Analysis of social communications with Social Graph Builder module.
- Malware and suspicious processes detection.
- Encryption detection.
- Special files and folders analysis (e.g. Volume Shadow Copy, $OrphanFiles, $MFT etc.).
- Hashset analysis.
- Flexible analysis with BelkaScript, free scripting module.
- Advanced search and data filtering, more than 20 types of predefined search (card and telephone numbers, names, suspicions words, etc.).
Evidence Center works with the following data sources and file systems
- Storage devices - Hard drives and removable media.
- Disk images - EnCase (including Ex01), L01/Lx01, FTK, DD, Smart, X-Ways, Atola, DMG.
- Mobile devices - Mobile backups, UFED dumps, chip-off and JTAG dumps.
- Virtual machines - VMWare, Virtual PC, VirtualBox, XenServer.
- Volatile memory - Life RAM dumps; fragmented memory set analysis with BelkaCarving™.
- Memory files - Hibernation file and Page file.
- Unallocated space - Data carving discovers destroyed evidence.
- Network traffic - PCAP files.
- File systems – FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4, YAFFS , YAFFS2.
Evidence Center helps investigate the following systems
- Windows (all versions, including Windows 10).
- Mac OS X.
- Unix-based systems (Linux, FreeBSD, etc.).
- iOS: iPhone, iPad.
- Windows Phone 8/8.1.