What Our Customers Are Saying

One of our customers has a great write-up (in Spanish) about Belkasoft products. Do check it out!

http://javier-tobal.blogspot.com.es/2013/07/belkasoftforensicsumario.html

We asked Javier for a brief summary of his post in English, and he kindly provided us with one. His main points are:

Executive summary

I say it is powerful and worth it’s price, especially if you are doing forensic reports with large data sources. Compared to EnCase, it is four times cheaper, but EnCase is more popular and support EnScript. EnCase could be a better purchase for a lab where there are several technicians working.

Advantages of Belkasoft Evidence Center:

  • Easy to use, coherent.
  • Well organized. Easy to work with multiple cases and multiple bits of evidence in every case.
  • Fast, especially for evidence sets of under 10 GB. From this size up, the speed will depend on the system performance.
  • Support for thousands of different types of evidence. Including exotic instant messengers from Russia, China or Korea.
  • Memory dump support, carving feature.
  • Easy to combine with manual processing thanks to the way the program reports physical data location (in files and volatile memory), hexadecimal view, etc.
  • Comfortable for advanced users: multi-threading, multiple monitor support.
  • Easily finds hidden evidence. Although sometimes “false positives” appear.

“Nice to have” features in my opinion:

  • Export directly from hexadecimal viewer to a file, when reviewing memory dumps, for example.
  • Integrated SQLite viewer.

Cons, defects:

  • Spanish translation is horrible. I would prefer English than “bad Spanish”
  • Time consuming taks appear to crash the software even it doesn’t really. I would take care of Windows event response to make the software alive during this tasks.
    (Note from Belkasoft: this was written before version 5.3 was released. We fixed this behavior in 5.3 already, and currently Belkasoft Evidence Center is at v.5.4).
  • Once (in 2 weeks) the program crashed. I was analizing a 100GB disk and carving data while generating reports…
    (Note from Belkasoft: same thing here. Most stability issues have been addressed in version 5.3).
  • Disk requirements are huge. For 100GB analysis it required 28GB of disk space.
  • Data from Memory dumps, hibernation file and pagefile.sys can not be exported directly from the tool. It would be nice if It is possible to do this from the hex viewer.
  • It does not find information contained inside virtual machines. This is an issue because VMs are becoming popular for non-skilled users.
    (Note from Belkasoft: version 6.0 will include support for all popular virtual machines).
  • It does not support “ubuntu one” cloud service (quite popular in Spain).
  • Hash algorithm (MD5) is obsolete. I won’t say it is old but It is better to support SHA-2 family (256,e tc).

System Configuration

In short, I recomend the following:

  • purchase license and yearly support
  • desktop system, better than laptop
  • fast SATA disks
  • don’t install using a VM
  • fast external disks (USB 3, ESATA, etc.)
  • MS SQL Server better than SQLite
Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: