What's new in BEC v.7.5

What's New in Version 7.5

Version 7.5 of the world's leading digital forensic tool Belkasoft Evidence Center offers a revamped user interface and a pack of new extraction and analysis functions.

DOWNLOAD A TRIAL
REQUEST A QUOTE

Upgrading to version 7.5 is free of charge to all customers with non-expired Extended Software Maintenance and Support contracts. File System module can be purchased separately.

Customers without the contract can purchase it from the Customer Portal. Affordable User Refresher Course is available for those who would like to catch up all recent improvements.

Below you can find major changes in the new version.

Major new functions of the product

  • Encrypted iTunes backups supported
    • Password known: The product allows you to enter a known iTunes backup password and decrypts it, then extracting all supported artifacts, such as email, browser history, chats and mobile apps data
    • Password unknown: BEC now allows you to decrypt the backup password by just selecting Decrypt menu (additional Decryption module is required)
  • New User Interface
    • User interface revamped and made more modern and nice-looking.
    • Customizable theme added: you can select from one of multiple visual themes
    • Filters are completely redesigned and made more intuitive
  • Evidence Reader now runs without Administrator rights. A lot of customers requested this feature to allow less privileged users to work with exported case. Note though that some features may not work without admin rights (such as mounting images used during the extraction or viewing a data source or a partition in HexViewer)
  • More email support
    • MSG emails analysis supported
    • EML emails analysis supported
  • Photo Forgery Detection module massively updated. New types of analysis added, reports made more intuitive
  • Integration with Passware Kit Forensic updated. Now BEC works with the latest version of PKF 2016 what enables customers to decrypt more file formats
  • Google maps clustering added. When you have lots of geo-enabled artifacts at the same piece of the map, they will not make a mess anymore. Instead, close items are grouped into single mark which is ungrouped when you zoom the map in
  • As usual, each new BEC version comes with hundreds of new or updated artifact formats. See below for more detailed information.

User Interface

  • Open Case dialog keeps user-entered values between switching tabs
  • Checkboxes for all kind of artifact lists introduced enabling to run reports with custom selection
  • Pictures can be analyzed from artifact list with filters applied (only filtered items are exported)

SQLite Analysis

  • Unallocated space is processed more effectively now
  • SQLite databases with huge freelists (up to 95% of entire database size) can be processed now
  • Stability and performance improved for large SQLite files

File System Explorer

  • When copying or exporting files from the case to a local machine, timestamps are preserved now
  • Native exFat support added.
  • More timestamps are extracted and shown in the File List, in particular, times specific to NTFS, HFS and ext file systems
  • Problem in multi-file AFF disk image mounting fixed
  • Incorrect FAT time in File List fixed

Chat Support

  • Viber support updated
  • Skype video messages extraction added

System File Support

  • Windows 10 jumplists analysis updated
  • Network connection extraction supported for iOS and Android
  • Visualization of values in Registry Viewer fixed
  • Added support of last plug/unplug date for USB devices

Browser Support

  • Safari analysis performance improved
  • Performance issues and several other problem in Chrome fixed
  • Credit card extraction for Chrome added
  • Firefox and Opera support updated
  • Timestamps extraction for Firefox passwords added
  • Visit count for Chrome and Firefox fixed
  • Password extraction for mobile Chrome fixed

Email Support

  • Outlook 2016 support improved

Mobile App Support

  • RichNote mobile app supported
  • Incorrect extraction of direction and from/to for iOS Tinder fixed
  • Odnoklassniki mobile app support updated
  • Profile search of Twitter app improved

Encryption Detection

  • BEC can now robustly detect TrueCrypt files

Reporting

  • Data from any artifact list can now be exported "as is" without sorting by time (helps to see correct sequence of artifacts when they do not have time and need to be exported at the same order as in a database)
  • Fixed occasional duplicate saving of attachments when generating reports

Carving

  • Improved parsing of OLE carved files
  • Facebook carver improved
  • Incorrect extraction of carved Facebook sender ID fixed

Other Important Improvements

  • Usage of third-party "ImDisk" app is disabled by default. ImDisk was previously used to mount images, but on newer Windows it sometimes leads to blue screen. Belkasoft developed its own mounting engine which is now used in BEC, but if you for any reason need to use ImDisk instead, you can switch this option on General tab of Options window. Do not forget to install ImDisk in this case: Belkasoft does not install it anymore by default
  • List of supported video formats extended (in particular, iOS .mov files can be found now)
  • Crash during search result navigation fixed
  • Out of memory during export of large search results fixed
  • GUI freeze fixed for a case when search results extensively updated
  • Array processing and visualization in PList viewer improved
  • Missed VHD disk image option in German version added
  • All metadata fields for documents and pictures extracted
  • FireFox typed urls extraction improved
  • Partition selection fixed for physical drive
  • Infinite loading in File Tree fixed
  • In some cases Physical drive size were calculated incorrectly - fixed
  • "Save to folder" functionality fixed for File System Explorer
  • Sometimes HexViewer doesn't show file content - fixed
  • Encrypted document list refreshed properly when decryption finished
  • Sometimes carving of hiberfil.sys failed - fixed
DOWNLOAD A TRIAL
REQUEST A QUOTE