I recently signed up for a trial license to try out the new Belkasoft Evidence Center X tool.
Link at https://belkasoft.com/get
The tool is described on the product page as a "Solution to accelerate Digital Forensics and Incident Response Investigations". Its features support the major data sets to Acquire (imaging, including checkm8), Examine, Review & Analyze, and Report.
- Ran the becu.trial.fixed.x64.exe to install
- Was given an option to activate the trial license online or offline, which was nice if your forensic workstation is on a segmented network.
- The 30 days start when first installing. Interesting caveat: it was noted that when reporting with the trial version, only 50% of random data makes it to the report, which makes sense for a trial license.
- Dashboard interface opens to name and create a new case
- Taking a look at the Options (settings)
- Selected create and open for new case. And the Add Data Source option opens:
- Added a Disk Image (Windows), Mobile Image (iOS), and RAM Image (Windows) I had made for practice.
- Artifact selection menu opened:
- Processing shows a Dashboard of progress, and a Task manager tab for tasks being run on images
- Processing finished (shown on Dashboard) in a little less than 1 hr for all 3 images
- Case Explorer shows device geometry for the hard drive image only
- In Case Explorer, the tree pane shows items analyzed
- Overview tab is the analyzed count for all evidence items
- Other tabs include one for Timeline, Bookmarks, Task manager, Remote Acquisition, and Incident Investigations
- The Incident Investigations tab categorizes the artifacts useful for intrusions and would seem to be useful for Incident Response cases (Downloads, Execution, Persistence, Recent, Eventlogs):
- The remote acquisition tab allows for a package to be generated or deployed via GPO, WMI, or via a configurable IP/port, which would seem helpful for IR investigations.
- Search function allows for multiple kinds of searches. Results display properties if found in execution artifacts.