What's new in Belkasoft X v.1.14
Belkasoft X v.1.14: Run the product in a cloud and analyze cloud-based images from an Amazon S3 bucket, acquire and analyze SIM cards, access checkm8 for the newest iOS 16 beta, enjoy extended agent-based iOS acquisition and Volatility integration for memory analysis, use expanded CLI automation, import Concordance load files, and acquire VK cloud data. Other updates include Grayshift images analysis improvements, application downgrade update for Android 12, and many more.
Belkasoft Evidence Center X (Belkasoft X) is Belkasoft's flagship product for digital forensics, cyber incident response and eDiscovery.
Major updates for v.1.14:
- Running Belkasoft X in a cloud and analyzing images directly from a cloud
- Acquiring full-file system image and keychain from iOS 16 beta devices with checkm8 method
- Agent-based iOS acquisition update for iOS 15
- SIM card acquisition and analysis
- Volatility integration
- Concordance Load file import and improved filter management for eDiscovery analysis
- Expanded Automation
- VK cloud acquisition
- Analysis improvements for GrayKey images
- Archive processing performance and visualization improvements
- APK downgrade method updated for Android 12
- New and updated artifacts for mobile and computer sources (including new versions of WhatsApp, Gmail, LinkedIn and other apps)
Upgrading from previous versions of Belkasoft X to v.1.14 is free to all customers with an active Software Maintenance and Support (SMS) contract. Customers with SMS contracts that have expired or are near expiration, may review and renew from your Customer Portal.
An affordable training with an optional certification is also available including the on-demand options.
New features details
- Running Belkasoft X in a cloud. Not only run Belkasoft X software in the cloud, but also browse and analyze Amazon S3 cloud data sources right from the Belkasoft X user interface. This means that you are no longer restricted to local data sources. This also means that several investigators can analyze the same data source at the same time with the same or different analysis options.
- SIM card acquisition and analysis. SIM card acquisition, a new acquisition option, is now supported with the use of a hardware SIM card reader (e.g., this SIM card reader). Once the image is extracted, Belkasoft X will automatically add the image to your case and analyze it for various artifacts (i.e. contacts and SMS text messages).
- checkm8 for iOS 16 beta. This powerful iOS acquisition method,
based on the checkm8 vulnerability
is updated to work with even the newest iOS 16 devices. As before, a full
file system image and a keychain is acquired.
For more, read "Checkm8 review" article and watch our webinar "Full file system iPhone acquisition with Belkasoft Evidence Center checkm8 feature" - Agent-based iOS acquisition update. This is a vital method, complementary
to checkm8, since it works on devices that are not vulnerable to checkm8
(e.g., iPhone 11). With this latest v.1.14 update of Belkasoft X, the range
of supported iOS versions was expanded to 15.0 through 15.1.1. Keychain
acquisition is supported for all versions of iOS in the range of 10.3 to
14.3 and 15.0 to 15.1.1.
For more, read "Belkasoft's agent-based iOS acquisition" article - Volatility integration. With this new integration, Belkasoft extends the range of supported operating systems and the volume of detail extracted from memory dumps.
- Concordance Load file import. This new function helps our eDiscovery users to continue work in Belkasoft X for eDiscovery workflow stages that follow the Collection phase. To complete your Collection phase, export filtered files to the Concordance load file and then import this image back to a new Belkasoft X case.
- Expanded Automation. In this new release, Belkasoft supports
further analysis automation with a number of command line options. With
these new options you can automate case creation, adding a data source and
data analysis by specifying the case name, data source path and analysis
profile. Depending upon the specific acquisition hardware or software in
use it is now possible to schedule both acquisition and subsequent analysis
of the acquired image.
To remind, Belkasoft X also provides an API for analysis automation. - VK acquisition. VK is a popular social network in Eastern Europe with hundreds of millions of users. With the new version of Belkasoft X, users will be able to acquire VK cloud data such as internal chat messages for a given user, user documents, wall posts, friend lists, group lists, photos, etc.
- Analysis improvements for GrayKey images. Following our new collaboration with Grayshift, a worldwide leader in mobile data acquisition, we strengthen support for parsing artifacts found inside GrayKey images. Particularly, keychain and keystore can now be mounted automatically for automatic decryption of artifacts such as Signal messenger chats. Mounting and parsing GrayKey images have also been improved by parsing additional artifacts, etc.
- Archive processing performance and visualization improvements. Our recently introduced archive analysis feature was a huge success, and our users requested further improvements to speed up the product and make it easier to locate data originated from archives. We delivered.
- Edit and remove Advanced filters in the File System. It is now possible to review named filters created under the File System tab and edit or delete them.
- APK downgrade method updated for Android 12. The new Android OS version introduced some difficulties to the application downgrade method: some databases were found empty even after successful downgrade. The new Belkasoft X v.1.14 addresses this issue.
Mobile Forensics
- Android physical dump: only user accessible partitions copied; progress visualization improved
- Android ADB acquisition: Second authorization whilst the acquisition is not needed anymore
- Android physical / full file system acquisition methods: A number of issues fixed for rooted devices
New and Updated Artifacts
- iOS
- Apple Mail (updated)
- GeoFences extraction added (new)
- Geolocation data extracted from Facebook check-ins
- LinkedIn (updated)
- Safari favorites and sessions extraction improved (updated)
- Twitter profile's information extraction added (updated)
- WeChat (updated)
- WhatsApp (updated)
- WiFi information (updated)
- Android
- Calls (updated)
- Contacts: Notes and URLs extracted (updated)
- Evernote (updated)
- Gmail Offline (updated)
- LinkedIn (updated)
- Samsung Notes (new)
- VoIP calls via Google Duo (new)
- WhatsApp (updated)
- Yalla (new)
- Zangi (new)
- Zoom (new)
- Other
- Geolocation extracted from geotagged video files (new)
- Outgoing RDP connections extraction (updated)
- Extraction of PDF-embedded pictures (updated)
Updated User interface
- Added filtering of event logs by EventID and text
- Added filtering of SMSes by direction
- Added filtering of calls by type
- Device properties can now be copied from the File System window
- ".HFS Private Data Directory" and other system folders are now shown properly in the folder tree
- 'Show on the file system' function enabled for nested data sources
- Vmem and mddramimage types added to the list of supported memory data sources
- Offline activation is automatically suggested to a user if online activation is not successful
Issues fixed
- Fixed: Duplicated pictures whilst exporting from the Overview window
- Fixed: VSC Snapshots not parsed
- Fixed: iPhone device info shown incorrectly for GrayKey dumps
- Fixed: Connection Graph is empty in case of a global filter applied on the Artifacts window; a few other issues causing it to be empty
- Fixed: Reports look different for bubble-view chats exported from different parts of the UI
- Fixed: Data source reattachment is not available from the Artifacts tab in Evidence Reader
- Fixed: Product crash when opening a particular video for the second time
See also:
Belkasoft X 1.13
Belkasoft X 1.12
Belkasoft X 1.11
Belkasoft X 1.10
Belkasoft X 1.9
Belkasoft X 1.8
Belkasoft X 1.7
Belkasoft X 1.6
Belkasoft X 1.5
Belkasoft X 1.4
Belkasoft X 1.3
Belkasoft X 1.2
Belkasoft X 1.1
Belkasoft X 1.0
Belkasoft Evidence Center 9.9
Belkasoft Evidence Center 9.8
Belkasoft Evidence Center 9.7
Belkasoft Evidence Center 9.6
Belkasoft Evidence Center 9.5
Belkasoft Evidence Center 9.4
Belkasoft Evidence Center 9.3
Belkasoft Evidence Center 9.2
Belkasoft Evidence Center 9.1
Belkasoft Evidence Center 9.0
Belkasoft Evidence Center 8.6
Belkasoft Evidence Center 8.5
Belkasoft Evidence Center 8.4
Belkasoft Evidence Center 8.3
Belkasoft Evidence Center 8.2
Belkasoft Evidence Center 8.1
Belkasoft Evidence Center 8.0
Belkasoft Evidence Center 7.5
Belkasoft Evidence Center 7.4
Belkasoft Evidence Center 7.3
Belkasoft Evidence Center 7.2
Belkasoft Evidence Center 7.1
Belkasoft Evidence Center 7.0
Belkasoft Evidence Center 6.3.1
Belkasoft Evidence Center 6.3
Belkasoft Evidence Center 6.2
Belkasoft Evidence Center 6.1
Belkasoft Evidence Center 6.0
Belkasoft Evidence Center 5.4
Belkasoft Evidence Center 5.3
Belkasoft Evidence Center 5.2
Belkasoft Evidence Center 5.1
Belkasoft Evidence Center 5.0
Belkasoft Evidence Center 4.2
Belkasoft Evidence Center 4.1
Belkasoft Evidence Center 4.0
Belkasoft Evidence Center 3.9
Belkasoft Evidence Center 3.8
Belkasoft Evidence Center 3.7
Belkasoft Evidence Center 3.6
Belkasoft Evidence Center 3.5
Belkasoft Evidence Center 3.0
Belkasoft Evidence Center 2.0