Belkasoft X Help Contents
Typical Belkasoft X workflow
The standard product workflow is as follows:
- Case creation
- Acquisition
  - Acquiring a mobile device or a computer drive
  - Downloading cloud data
  - Creating a RAM dump
- Adding a data source to the case
  - Adding one or multiple dumps acquired by Belkasoft X
  - Adding an image or dump created with third-party tools
  - Adding a physical or network drive while conducting live forensics, including drives inside write-blocker devices
- Artifact extraction and review
  - Out-of-the-box recovery and artifact extraction for 1500+ applications and formats
  - Search for files matching the specified hashset database
  - Carving of deleted data from allocated or unallocated space, RAM, slack space and so on, including carving by custom signatures
  - Deduplication of pictures using PhotoDNA technology
  - Bookmarking data of interest
- Analysis
  - Search for faces, guns, pornography, skin and text in pictures
  - Link analysis and community detection inside the Connection graph
  - Low-level analysis of databases and other files in Hex Viewer, SQLite Viewer and other low-level viewers
  - Locating data of interest inside indexed texts using keyword or GREP search
- Reporting
  - Creating a report in one of the available formats, such as HTML, PDF, Word, Excel and others
  - Exporting the entire case or its contents to a portable case using the Evidence Reader feature
The Belkasoft X workflow is described in detail in the following chapters.