Author Archives: belkasoft

Comprehensive Skype chat analysis with Belkasoft Evidence Center

Call logs, SMSes, emails, social networks communications and, of course, chats in instant messengers can give you a lot of important information in a course of a forensic investigation. Let’s see how one single chat product can be examined from different aspects, each of which gives one more – unique! – part of puzzle.

In our case, the suspect had Skype installed on his laptop and mobile device which were seized and investigated with Belkasoft Evidence Center 2017.

Read more: https://belkasoft.com/chat-forensics-2016

Fighting “I have been hacked” defense

This article was inspired by an active discussion in one of the forensic listservs. Original post was asking on how to fight with an argument “This is not me, this is a malware”. The suspect was allegedly downloading and viewing illicit child photos and was denying that, explaining the fact of these photos’ presence by malicious software they presumably had. So how can you figure out whether or not the suspect’s computer has actually been subject to unauthorized activities?

Read entire article

BelkaScript: How to Get Most out of Digital Forensic Software

Digital investigator nowadays has access to a wide array of solid forensic tools. Some of them offer mobile forensics only, some help with computer or laptop analysis, some – like Belkasoft Evidence Center – support all types of devices, but the task flow and product logic is more or less fixed in every product. If an investigator faces an unusual task, it is hard to solve it within the workflow offered by a product. And unusual tasks are not that rare – we hear about them very often, just take a glance at various forensic forums.

In this article, we will discuss some real life stories that involved cases hard to solve with the standard workflow in Belkasoft Evidence Center:

  • Good Employee, Bad Employee
  • Bar Fight
  • Digging Deep Inside Photos

However, it became possible with BelkaScript, a free built-in scripting module that allows users to write custom scripts to extend Evidence Center capabilities. Scripts can be used to automate some of the routine (for example, reporting or bonding together two operations) or to extend product’s functionality for a specific situation. But it most certainly does not end there as we will now show on real-life examples.

Continue reading

Belkasoft and Guidance Software Webinar on EnCase and Evidence Center Integration

Watch the most recent webinar about how Belkasoft Evidence Center allows to enhance digital investigations!

The webinar is conducted by Guidance Software’s Robert Bond, Belkasoft CEO and Founder Yuri Gubanov, and Oleg Afonin, Belkasoft Marketing Director.

The webinar unveils some of features of Belkasoft Evidence Center and how they can be used with Guidance EnCase Software in order to provide crucial data to digital experts.

Three cases, based on real-life investigations, were shown at the webinar. Customers’ questions were answered live. The list of questions and answers will be posted in our blog in a few days – don’t miss!

To learn how Belkasoft helped to return a missing girl to her grieving parents, timely discovered a know-how leak, and outsmarted a sneaky drug dealer, watch the full webinar on our partner’s website:

https://www.guidancesoftware.com/resources/Pages/webinars/Enhancing-Digital-Investigations-with-Belkasoft.aspx

EnCase integration is available to all our customers free. You can test it using our free trial at http://belkasoft.com/trial.

Analyzing Windows Phone 8.1 JTAG and UFED Dumps

In recent months, we’ve started receiving calls from our customers asking us about extracting files and looking for evidence in binary dumps extracted out of Windows Phone 8 devices. We’ve got dozens of requests from European police departments, especially those from Germany, Italy, and the UK about extracting and analyzing JTAG and UFED-produced dumps of Windows phones. While in the past we were reluctant to work in this direction considering how small of a market share these devices had, the recently published numbers of every 10th device sold in Europe being a Windows Phone made us change our mind.

Meet the newest release of Belkasoft Evidence Center! In this release, we’ve added the ability to process, parse, and extract information stored in binary dumps of Windows Phone devices captured with JTAG or Cellebrite UFED hardware. We can fully reconstruct the original file system of the device, allowing experts to browse through the file system and view and extract individual files and folders.

Our signature discovery and analytics are also there for Windows Phone data. The updated Belkasoft Evidence Center will automatically search for, extract and analyze the many types of evidence essential for your investigation. Contacts and address books, call logs, Skype chats and communication histories in third-party messengers, browsing history and cached social network conversations are carefully extracted and added to the list of available evidence.

Read more at http://belkasoft.com/jtag-analysis

Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving

SQLite is a widely popular database format that is used extensively pretty much everywhere. Both iOS and Android employ SQLite as a storage format of choice, with built-in and third-party applications relying on SQLite to keep their data. A wide range of desktop and mobile Web browsers (Chrome, Firefox) and instant messaging applications use SQLite, which includes newer versions of Skype (the older versions don’t work anyway without a forced upgrade), WhatsApp, iMessages, and many other messengers.

Forensic analysis of SQLite databases is often concluded by simply opening a database file in one or another database viewer. One common drawback of using a free or commercially available database viewer for examining SQLite databases is the inherent inability of such viewers to access and display recently deleted (erased) as well as recently added (but not yet committed) records. In this article, we’ll examine the forensic implications of three features of the SQLite database engine: Free Lists, Write Ahead Log and Unallocated Space.

See more on our site at http://belkasoft.com/sqlite-analysis.

Belkasoft helps Croatian police solve serious crime

One morning, we received an official looking envelope with a Croatian postal stamp. Intrigued, we opened the letter. It contained a message from the Ministry of Interior Police Administration Bjelovarsko-bilogorska of Croatia. In this message, they sent us a story of a crime that was solved by the Criminal Police Department of Bjelovar, Croatia. Why did they mail us? Because they used Belkasoft Evidence Center to solve that crime.

According to the report, during February 2014 the Croatian police worked on a case they code-named “PHOTOMODELL”. During this case of child pornography, the police was trying to find evidence against a suspect. And they did! Using Belkasoft Evidence Center to search the suspect’s several hard drives, the police were able to discover solid evidence connecting the suspect with the crime. Apparently, they gathered enough evidence for the court to convict the suspect.

You can read more about this case at Belkasoft Helps Croatian Police.pdf. Have your own story to share? Send us an email!

Guidance Webinar: Questions and Answers

On March 19th, Belkasoft Evidence Center was featured in a Guidance Software webinar. This month the company is featured as a Guidance’s Partner of the Month. We enjoyed fantastic response from many attendees, and received a lot of questions during and after the presentation. Due to the limited time we could only handle a few of them, but we decided to answer all questions here in the Belkasoft blog.

Belkasoft Guidance Webinar

Belkasoft Guidance Webinar

Continue reading

Belkasoft Becomes Guidance Software Partner of the Month

We are excited to become Guidance Software’s Partner of the Month. Featured on EnCase App Central, Belkasoft Evidence Center is listed on the very first page as a “Top Rated” product and a Partner of the Month.

We have long collaborated with Guidance Software to ensure that our products integrate tightly with Guidance EnCase. We have tailored our product range to match the needs of EnCase users feature-wise and price-wise., offering no less than four editions of Belkasoft Evidence Center to Guidance customers.

Are you a Guidance EnCase user? Get Belkasoft Evidence Center from EnCase App Central.

Need a free evaluation download? Request one at http://belkasoft.com/get

Require an extended evaluation version with no demo restrictions? We are happy to offer one to select customers such as law enforcement. Request a fully featured license with no demo restrictions can at http://belkasoft.com/trial

Belkasoft Helps Find a Missing Girl

We are continuing publishing stories on how Belkasoft Evidence Center helps the law enforcement in their work. Today’s story is about a teenage girl who went missing from her parents’ home.

Continue reading