BelkasoftProduct Family :
Belkasoft Evidence Center is designed to collect as many types of evidence as possible in a forensically sound way. Supported data types include office documents, email client mailboxes, mobile device applications and usage history, system and registry files, picture and video files, SQLite databases, social networking communications, instant messenger histories, Internet browsing sessions, webmail, P2P application data, cloud applications, MMORPG chats, encrypted files, and so on.
Major features
- All major Instant Messengers (Windows and macOS), Browsers and Email clients supported
- Image and Video files analysis for pornography, faces and text available
- Analyzed information persistently stored in the database
- Evidence stored broken by cases
- Deleted history retrieval supported
- Encase, SMART and DD images can be mounted, including Windows and macOS drives
- Live memory analysis available, including hibernation and page files analysis
- Huge cases (e.g. containing several 10Gb mailboxes) supported
- Enterprise edition allows for simultaneous work of multiple users
Tool for forensic professionals that eases their work on analyzing Internet Messengers histories, Browsers histories and various mailboxes. Supported Instant Messengers: ICQ versions from 97a up to ICQ 6, MSN Messenger, Yahoo! Messenger, &RQ, Miranda, Skype, MySpace IM, SIM, QIP, QIP Infium, Trillian, AIM, Digsby, Rambler Virtus, Mail.Ru Agent. Supported browsers: Microsoft Internet Explorer, Mozilla Firefox, Opera, Google Chrome. Supported mail clients: Microsoft Outlook 2003, 2007, Outlook Express, RITLabsThe Bat!
No password required. No need to be logged as history owner. No need to have messenger/browser/mail software installed. No need to have write access to a disk.
Search is supported – simple search by word or phrase and advanced search using a file with the suspect word or using a regular expression which is very useful when searching various words forms or phrases with fuzzy structure.
The product can search installed messengers and history files on your computer as well as on mapped network drives (including Encase mapped drives). Thus you will find history files even in case you haven’t installed messenger.
It is possible to work with several histories at a time. Per-session bookmarks are supported.
Belkasoft Forensic Studio allows you to extract analyzed history into such formats as plain text, HTML and XML.
Below is a list of main features of this bundle:
- Instant Messengers: support for ICQ (all versions from 97a to ICQ 6.5), Microsoft MSN/LiveMessenger, Skype, Yahoo! Messenger, MySpace IM, &RQ, Miranda, SIM, QIP, QIP Infium, Google Hello, Trillian, QQ (version 2008 and earlier), AIM, Digsby, Rambler Virtus, Mail.Ru Agent
- Browsers: support for Microsoft Internet Explorer, Mozilla Firefox (all versions), Opera, Google Chrome
- Mailboxes: support for Outlook 2003, Outlook 2007, Outlook Express, RITLabsThe Bat!
- No password required
- No, write access required (you can use the product with write-blocking devices)
- Search for installed profiles
- Intellectual search for history files in folders other than default history folders. Search can be performed on all computer’s drives as well as on mapped network drives (including Encase mapped drives). Thus you will find history files even in case you haven’t installed messengers.
- Export extracted history into various formats – text, HTML, XML, CSV. You can constrain export by contacts and dates chosen
- A simple search through history and advanced search using a file with a set of words to search. Experienced users can benefit from searching by regular expressions, which are great when searching for templates or phrases with fuzzy structure
- Found results can be exported to the text, HTML and XML file
- The work with multiple opened histories is supported (e.g. you can search through multiple histories)
- You can filter extracted results by various criteria (by the absence of history, by the first letter, by several letters)
- Per-session bookmarks allow you to quickly navigate between messages sent by different people (and even via different profile)
Belkasoft Forensic IM Analyzer
Forensic IM Analyzer is the most affordable edition of Belkasoft Evidence Center, making it easy for an investigator to search and analyze chats and analyze instant messenger communications occurring in a wide range of messengers.
Supporting more than 80 instant messengers for Windows, macOS and Linux, Forensic IM Analyzer can automatically discover the location of instant messenger logs, histories, databases and contact lists, analyze chats and instant messenger communications and generate reports that are presentable in the court.
Major features
- FAT and NTFS supported
- A number of IMs and browsers supported
- A unique feature of carving NTFS fragmented or compressed drive is implemented
- Export to text, HTML and XML formats