Product News

Product News

Belkasoft Evidence Center 5.4. In-depth discovery of what's new


The latest release of Belkasoft Evidence Center came with a host of new features.

In a word, the Timeline is a new view adding the convenience of combining all activities and communications of the suspect as well as many system events into a single aggregated view.

The Timeline makes investigating events that occurred over a certain time period much easier. By switching to Timeline view, investigators can now access all user activities and system events discovered during the analysis of a huge number of sources in a single aggregated view.

You can either review all activities occurring over a certain period of time or specify a filter. Filtering events in the Timeline view makes it possible to find essential information much faster. For example, you may want to only view suspect's communications in social networks.

You may add messages sent and received via instant messaging applications in a couple of clicks. In a word, the Timeline allows searching for certain types of events of including only selected types of data.


Searching for Evidence over a Certain Time Period


If you are interested in certain specific events occurring over a certain time period, you can easily use a combination of filters specifying the date range and displaying records that include your search string(s).

With case-sensitive, full-text content filtering, you can easily search for events meeting certain criteria or containing certain key words. Timeline filters are stackable, so you can specify a number of conditions that an event must meet in order to make it to the Timeline view.


Recover Destroyed Evidence from Skype Logs and SQLite


One major feature added to Evidence Center 5.4 is the ability to investigate SQLite databases by using native processing. This new feature allows Evidence Center users to parse even badly damaged, fragmented and incomplete databases such as those resulting from a carving attempt.

The benefit for the user is enormous: native SQLite parsing allows recovering evidence from deleted and partially wiped databases, helping, for example, to recover much more information from destroyed Skype logs.


Native SQLite Parsing with Freelist Support


The newest release gets rid of third-party SQLite libraries, enabling fully native SQLite parsing. This native parsing allowed us to implement a new trick: SQLite freelist processing.

Did you know that records deleted from an SQLite database are not erased immediately, but are placed into a so-called "freelist"?

This is exactly what allows our new SQLite engine to access deleted records in SQLite databases. What can you find there? With many communication tools using SQLite to keep their histories, you can recover deleted chat logs, such as Skype messages, and access cleared histories, such as deleted iPhone SMSes.


New Free Tool: IEF Evidence Processor Module for EnCase v7


The IEF Evidence Processor Module for EnCase® integrates IEF with the EnCase v7 Evidence Processor. This new free tool streamlines case workflow by allowing investigators to run Magnet IEF Standard from within EnCase.


Download the Tool


If you already use IEF you can download IEF Evidence Processor Module for EnCase v7 directly from the Magnet Forensics website

EnCase users who don’t currently own a license for IEF can download a free 30-day trial or the full version of IEF with the IEF Evidence Processor Module for EnCase v7 from EnCase App Central.


F-Response September Updates


These are F-Response September Updates:


F-Response Cloud Forensics and Incident Response Whitepaper

Investigations on Cloud Hosted servers is actually very simple. To that end F-Response has put together a whitepaper on "Cloud Forensics with F-Response" and has posted it on their Mission Guides and Documentation page. The whitepaper covers the general concept, how to leverage tools like F-Response, X-Ways Forensics, and USB-Over-Ethernet to provide top shelf investigative services to remote virtual machines and environments. They even include an example using cloud servers hosted at Rackspace. However, the example is very straightforward and could be readily adapted to other providers (Amazon, HP, Azure, etc).


F-Response Boot CD Preview

F-Response has uploaded the new Boot CD to the website, you'll find it labeled "Preview F-Response Boot CD v2" on the Downloads page for your license.
F-Response has added a number of new kernel modules, updated the Linux kernel to the 3.x series, and restored the same simple boot CD process we put together for the first F-Response Boot CD a few years ago. In addition, while F-Response can't promise it will work in every situation, the responsibles did come across a number of Apple based systems that booted fine with this boot CD, of course your results may vary, but it's certainly worth a try.


Ditto has been updated


Now, CRU has announced a new Ditto firmware release, that includes the following features:

  • E01 NULL Block Compression
  • Network file system types to include CIFS/SMB/SAMBA
  • System Verify
  • Support for Clone and Image E01 in one pass
  • Export/Import Configuration Profiles



New UFED Logical/Physical Analyzer. Update today!


UFED Physical Analyzer - Decoding Highlights


155 new device profiles
Decryption of encrypted emails from Apple devices running iOS 5.0 and above Faster decryption and better handling of large encrypted iTunes backup files.
 Decryption of the WhatsApp database available in BlackBerry devices running OS 5 and 6 Decryption of REMF media files Imprved decoding of BBM attachments.
Samsung M9xx family and Motorola devices with NVidia chipsets –enhanced decoding support.
Nokia Symbian
Enhanced decoding including IMEI, IMSI, wifi networks, installed apps, notes and more.

UFED Physical/Logical Analyzer - Functionality Highlights


Maps – View all extracted locations using Bing Road or Bing Ariel maps, embedded within UFED Physical/Logical Analyzer. The locations are presented with an icon displaying the location type.

Filter the locations based on multiple attributes including date and time and location type. The maps function is free of charge, requires internet access and is only available to UFED Physical/Logical Analyzer users with a valid license.

Rather than verifying complex passcodes one by one, UFED Physical Analyzer enables users to brute-force complex passcodes based on a dictionary created in advance. Supported Apple devices*: iPhone 2G/3G/3GS/4, iPad1, iPod Touch 1G/2G/3G/4G, iPod Nano 5G.

Download Now


F-Response 5.0.1 Updates to the Dropbox Connector, Flexdisk, and more


We are very pleased to announce the release of F-Response 5.0.1. In this release we address a few issues and add additional support and platform improvements.  


A complete listing of the release notes can be found in our manual, however we've highlighted the main updates below:

  • F-Response Cloud Connector (Dropbox)

    • Updates to the Modified datetime display to correct a one month skew. Previous release indicated dates that were one month prior to the correct date, January dates returned no data.

  • Updates to the F-Response HPUX 11i platform executable

    • New support for logical volume detection within HPUX 11iv2 and v3.

  • Updates to the F-Response Enterprise Management Console

    • Better handling for remote targets that use a non-standard Windows system root and root drive letter.

  • Updates to the F-Response Flexdisk

    • Modifications to present Alternate Data Streams (JSON encoding method only).

    • Higher resolution datetime values (where possible) are now provided in addition to existing unix timestamp values. 

    • Updated Flexdisk API documentation.


Magnet Forensic's new free tool


Magnet Forensics has released a new free tool that converts the X-Ways® generated TSV file into the TLN file format which can be loaded into the IEF Timeline Viewer for visualization. More information.


IEF Wins Computer Forensic Software Tool of the Year


Magnet received the Forensic 4cast award for “Computer Forensic Software Tool of the Year” for Magnet IEF Standard.



Belkasoft Evidence Center 5.4: Exciting New Features


The new release v.5.4 offers a list of new features, functionality and usability improvements. Your reseller discount applies to all versions and editions of Belkasoft Evidence Center.

  • Forgery Detection Plugin: Automatic detection of altered digital photos.
  • Live RAM Defragmentation: More info out of RAM dump.
  • Registry Analysis: Automatically locates and parses registry hives.
  • Timeline: All discovered evidence in a single view.
  • Native SQLite Parsing: Analyzes destroyed evidence including deleted or partially wiped Skype logs.
  • SQLite Freelist Support: Ability to recover deleted iPhone SMSes.


ElcomSoft Adds Physical Acquisition Support for iPhone 5 & iPad 4


ElcomSoft Co Ltd. updates iOS Forensic Toolkit, enabling physical acquisition of jailbroken iOS 5 and iOS 6 devices including iPhone 4S and 5, iPad 2, 3 and 4, iPad Mini as well as the last generations of iPod Touch. Support for iPhone 4S and 5 has been highly demanded by forensic customers. By enabling physical acquisition of last-generation Apple devices, the updated Elcomsoft iOS Forensic Toolkit makes forensic analysis of these iOS devices once again a feasible enterprise.

In addition, the latest release of iOS Forensic Toolkit automates the acquisition of jailbroken devices, getting rid of previously required manual steps, reducing required manual interaction to absolute minimum. Finally, the acquisition of legacy devices is now completely automated with automatic detection of devices being connected.

Elcomsoft iOS Forensic Toolkit continues providing unrestricted support for legacy iOS devices such as iPhone 4 and earlier regardless of the iOS version they are running. Passcodes protecting these legacy devices can be recovered; however, physical acquisition can be carried out in somewhat limited mode even without a passcode. However, physical acquisition support for last-generation iOS devices is subject to certain technical limitations.

iPhone 4S and 5 as well as the last generations of iPad devices can only be acquired if already jailbroken, or if the investigator is able to jailbreak the device. At this time, non-jailbroken devices that are locked with an unknown passcode cannot be acquired, which does limit this tool’s scope of use.

Passcode recovery speed on jailbroken iPhone 5 devices is increased to 15.5 passcodes per second, allowing iOS Forensic Toolkit to break typical 4-digit passcodes in about 10 minutes.


Internet Evidence Finder (IEF) v6.1: Understanding the New “Editions” and Licensing Options


With the launch of IEF v6.1 Magnet has added a host of new features. They listened to feedback from their customers and delivered a great new set of mobile device forensic features as part of the new IEF Advanced Edition. Also driven by customer feedback is the addition of the new network licensing option that makes it easier to manage IEF across multiple locations. Magnet tried to organize these new features, editions and licensing options to provide customers with added flexibility and choice, but we realize that new options can also cause a little confusion. So here’s a quick rundown of how the licensing works for each of these new offerings.

IEF v6.1 – IEF Standard, IEF Advanced or IEF Triage

  1. IEF Standard – Recover 230+ unique Internet artifacts from Windows or Mac file systems. Pricing for IEF Standard Licences starts at $999.
  2. IEF Advanced – IEF Advanced includes all IEF Standard features and adds the ability to recover 125+ mobile Internet artifacts from iOS & Android powered smartphone/tablets. Pricing for IEF Advanced Licenses start at $1499.
  3. IEF Triage – IEF Triage is a portable solution that brings the power of IEF Standard into the field. Designed to run directly from the USB thumb drive on a target computer. IEF Triage is particularly valuable for running on-scene quick searches in the field, taking a live RAM capture, and checking for disk encryption. Pricing for IEF Triage Licenses start at $1350.

Current IEF Customers – As a special thanks to its loyal customers, Magnet decided to give a free upgrade to IEF Advanced to all existing IEF Standard and IEF Triage customers, with an active SMS contract. They want you to be able to take advantage of all the new mobile forensic features without having to purchase a new IEF Advanced License. Thanks for your support and please keep sharing your ideas and feedback.

New Customers – New customers can choose from IEF Standard, IEF Advanced or IEF Triage depending on which edition best meets your needs and your budget. For customers considering IEF Standard or IEF Advanced but who would like the flexibility to be able to also do live system investigations Magnet is now offering Triage bundles that allow customers to add Triage capability to an IEF Standard or IEF Advanced License without having to buy and maintain a separate Triage license. Pricing for the Standard-Triage Bundle starts at $1549 and pricing for the Advanced-Triage Bundle starts at $1999.



Tableau Firmware v7.04 Released


The latest Tableau Firmware v7.04 release is now available. This release introduces the following changes for the TD3 Forensic Imager, T35689iu Forensic Bridge and the TFU application:

TFU Application Update

  • You can now manually hash a TD3 SD card. Click the menu item TD3, then click Hash TD3 Cards.

TD3 Updates

  • The TD3 NAND flash has been updated to v1.
  • The NAND flash now supports ECC.
  • The TD3 start up splash screen now displays the NAND flash version when booting without an SD card.
  • The issue where TD3 fails to boot and displays a blank LCD screen, due to a corrupt NAND, has been resolved.
  • The issue where TD3 prompts the user to enter a serial number, due to a corrupt NAND, has been resolved.

T35689iu Updates

  • The T35689iu firmware update process is now much faster.
  • T35689iu LEDs now indicate activity during the firmware update process.
  • T35689iu now reports the same serial number to TIM and TFU.
  • The ability to maintain connection with SAS drives has been improved.
  • Support for USB devices with non-512B sector sizes has been added.
  • Detection of MacBook Pro devices in FireWire target disk mode has been improved.
  • A MacBook Pro connected in target disk mode now appears properly in TIM.
  • Intermittent detection of certain FireWire storage devices has been resolved.
  • Windows 8 now detects T35689iu properly over USB 3.0.

All users of these Tableau devices are advised to apply this update.



EnCase Version 7.08 will be available in the beginning of August


EnCase Version 7.08 will be available in the beginning of August. EnCase Version 7.08 contains many updates and enhancements based on feedback raised from customers around the globe.

Here are some of the highlights:

Evidence Processor Manager
Evidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors. Every license of EnCase Forensic comes with an additional dongle for an EnCase Processor node. This allows the investigator to process on one machine, while examining on another. With Evidence Processor Manager, investigators will be able to distribute, prioritize and control processing within farms of EnCase Processors.

SAFE Configuration Package
Have you ever needed to migrate a SAFE from one environment to another? (e.g. for disaster recovery/planning) It's possible, but can be time consuming to migrate keys, user accounts, roles and permissions from one SAFE to another. We're simplifying this process through creation of a SAFE configuration package. This package exports the entire configuration of the SAFE and may be used to configure another SAFE for everything except for the machine specific setup.

Decryption Support Updates
Support for decryption (with credentials) of the following products will be updated:

  • McAfee Endpoint Encryption v7
  • Sophos Safeguard Enterprise and Easy v6
  • Check Point Full Disk Encryption for PC v8

  • Check Point Full Disk Encryption for Mac v3

  • OS X FileVault 128-AES

Windows ReFS Support
EnCase will parse and investigate devices using Windows Resilient File System (ReFS).

Solaris Volume Manager Support
EnCase will reconstruct logical volumes created with Solaris Volume Manager (SVM).

File Carver Enhancements
Several enhancements have been made to the File Carver module to improve the quality of carved results. In particular, JPEG images will be carved more comprehensively, with less reliance on default file types and sizes. Carved files will also be named with more information on the file itself, and the physical offset of where the file was carved from.

Evidence Processor Workflow Improvements
File Signature Analysis will not longer be required.
Recover Folders will be capable of being run on initial processing or subsequent processing.

Hash Set Management Improvements
EnCase will now allow investigators to view contents, search, and delete items from Hash Sets.

OS X Disk Image Format Support
Improving on our existing OS X investigation capabilities has been a priority for EnCase over the past 12 months. We are continuing these efforts with adding support for:

  • DMG, Sparse DMG and Sparse Bundles

  • Support BZIP and ADC compression for DMG images

Usability Improvements
We've been absorbing feedback from the v7 User's Group and are rolling out enhancements driven directly by you:

  • Adding columns to Bookmarks and Search views (description, unique offset, received, sent, URL host, TruePath, HasAttachments...+more)

  • Create LEFs from Results view

  • Hot keys for Tags

  • Improved handling/representation of alternate body email attachments

Stay tuned for more information nearer the release date.



Tableau Firmware Update v7.03


TD2 Updates

These are TD2's updates:

  • Destination support for the exFAT file system, which supports large files over 4GB, has been added.

  • When wiping two disks simultaneously, both are now wiped to completion.

  • Disk spanning behavior is now more robust.

TD3 Updates

These are TD3's updates:

  • Destination support for the exFAT file system, which supports large files over 4GB, has been added.

  • UI including menu icons, layout, and flow has been redesigned.

  • You can now set DCO on your destination media for Disk to Disk duplication.

  • You can now image from an iSCSI share.

  • The iSCSI administration UI has more options and is more intuitive than in previous releases.

  • You can now configure a static IP.

  • You can now connect multiple source devices and select which one to image.

  • EnCase Ex01 is now supported.

  • TD3 can now acquire media with a non-512B sector size.

  • The "_" key has been added to the virtual keyboard.

  • TD3 offers improved handling of cases where source media is larger than destination media.

  • The HPA/DCO removal UI is more consistent.

  • CIFS is set as the default destination when it is the only destination.

  • TD3 can now mount CIFS shares greater than 4TB.

  • The issue of TD3 failing to image to a FAT32 iSCSI share that is greater than 250GB has been fixed.

  • The issue of a prior iSCSI session not disconnecting when starting a new iSCSI session has been resolved.

T35u Update

These are T35u's updates:

  • Windows 8 now detects the T35u properly over USB 3.0.

If you need to purchase a Tableau hardware or you have questions about this release, please contact us.



F-Response version 5.0.0 released


The start of the five series of F-Response includes a number of new enhancements to the F-Response product family, including: Additional F-Response Cloud Connector (Patent Pending) platform support, including Google Drive, Dropbox, and Skydrive. Additional "Premium Services" for F-Response Consultant Edition and above includes support for Google Apps for Business Drive accounts. 

Improved F-Response Email Connector(Patent P ending) platform support, not only improvements to managing Google Mail, throttling, and IMAP, but also new "Premium Services" for F-Response Consultant and above that includes support for Office 365 using Native Microsoft Exchange technology.  

In addition to the platform support additions, all the F-Response Connectors have been updated with additional stability and performance modifications.    

Interested in Windows 8? F-Response v5 has been thoroughly tested on Windows 8 and Server 2012, both as a target and as an examiner.  Ready to get F-Response 5.0.0? Head to the Downloads page to get started today!


XRY version 6.6


XRY has made a new release and we thought you'd like to know about it. For full details please download the
Release Notes >>

What's New in this Update?

  •  9,540 device profiles now supported.
  •  Bypass selected Samsung and HTC Androids lock codes.
  •  Improved decoding of deleted data for SQLite databases.
  •  Faster Android physical extractions.
  •  Automatic identification of Android devices.
  •  170 additional CDMA phones available for redecoding.
  •  Spreadtrum dumping and decoding.
  •  Improved decoding of additional MTK devices.

Download XRY version 6.6 
You can download the latest version of XRY from XRY Customer Portal, use this link Log-in >>

Not used XRY Customer Portal before? 
If you have not signed up for your login please email us here to get yours. Contact Me>>


Magnet Forensics has developed a new free tool for examiners that use both EnCase® and IEF


The global leader in the development of forensic software for the recovery of Internet artifacts, recently collaborated with Guidance Software to develop an integration between Internet Evidence Finder™ (IEF) and EnCase® v7, the IEF to EnCase® Connector.

This new connector enables investigators that use both EnCase® and IEF to initiate IEF searches from within EnCase® and easily import the resulting IEF artifacts into EnCase® for comparison with other relevant case data. The IEF to EnCase® Connector integration is now available for download free of charge on the Magnet Forensics website at


UFED Release Notes


UFED Touch and UFED Classic

Samsung Galaxy S4 and HTC One Support

In April, two of the most anticipated Android devices launched into the market, Samsung Galaxy S4 and the HTC One. UFED is the first and only tool in the industry to enable:  Logical extraction from selected devices:
– Logical extraction, file system extraction with user lock bypass, and decoding are now supported  Enhanced Device Support Physical extraction and decoding while bypassing user lock for devices running any Android OS version, using proprietary client software.

Note: UFED Classic users must update EPR
Alcatel devices – Physical extraction while bypassing user lock and decoding, are now available for additional selected Alcatel devices using UFED CHINEX.  Physical extraction can be performed by selecting the specific model or by selecting one of the two generic options:

  • The Alcatel generic options can be used for devices which are not included in the device list, but can be extracted using the same method.

  • Each generic option covers different families of devices and therefore the two options should be used in sequential order.

LG devices – Physical extraction while bypassing user lock is now available for selected LG devices During the extraction process, the device boot partition is replaced without affecting the user partition. Decoding will be added in the future.
Note: UFED Classic users must update EPR

Logical Extraction HTML Reports - UFED HTML report output is enhanced and split to handle large outputs with various multimedia types


The UFED Link Analysis user interface now available in 10 languages


The UFED Link Analysis user interface is now available in 10 different languages: Chinese, Dutch, French, German, Hebrew, Italian, Japanese, Portuguese, Russian and Spanish. You can select your own preferred display language from the application settings. The language selection will be saved for future sessions as well.

Download now


ACE Laboratory Technical Support Centre is launched

To provide faster and more efficient Technical Support to our valued users we are glad to introduce a new way of getting Technical Support – ACE Laboratory Technical Support Centre. It is CRM online system that ensures more convenience, quicker help, transparency and proper order of your requests to our Technical Support.

New Technical Support Centre enables you to:

  • exchange messages with our technical support department faster and easier using just one e-mail
  • get help not from one engineer whom you have contacted and wait for your turn, but from anyone out of five engineers who is available at the moment
  • solve your cases using in-built live chat
  • solve your cases through in-built remote screen access software
  • search for and get useful information from our knowledgebase
  • track the status of your cases and keep all your messages saved in one place
  • modify priority of your cases to sort them according to their urgency for you

Right now we are testing this system and we will be thankful for your feedback.

We ask all Technical Support users to get registered in it to start receiving Technical Support help from us faster.

To pass the registration, go to . There are four ways to get registered:

1) Click “Register” button
2) Click “Submit a Ticket” button
3) Click “Live Support Online”
4) E-mail to

In all four ways, your login will be your e-mail account. You can always change your password in your profile.

All previously registered user accounts are kept saved in our system, it is recommended to register one of your e-mail accounts, thus it will be easier for you to trace all your communication with our Technical Support.


New UFED Physical/Logical Analyzer 3.7 - Update today!


New UFED Physical Analyzer decoding capabilities

  • More than 500 new devices added – Enhanced decoding for Android, iOS, BlackBerry, Nokia, feature phones and Chinese manufactured devices.
  • Exclusive – Symbian database support:
    • Decoding of intact and deleted contacts, SMS, MMS and call logs.
    • Decoding support for multilingual content.
  • iPhone – Deleted apps list recovery
  • Android password carver – The carver was developed by CCL Forensics and integrated by Cellebrite into UFED Physical Analyzer. The new plug-in enables recovery of numeric password from an image file extracted by UFED, JTAG, Chip-off or other tools.


UFED Physical/Logical Analyzer - New Features


Advanced logical extraction from iOS devices:
  • Enhanced logical extraction revealing rich set of data including  contacts, SMS, MMS, variety of application information, emails   from Jailbroken devices), databases and multimedia files.
  • Rapid extraction.
  • State of the art wizard guiding you through the extraction process.
  • Extraction’ menu. This extraction capability is available under Extract iOS Device.
  • Report generation now includes a Microsoft Word output format.
  • UFED Physical/Logical Analyzer is certified to run on Microsoft Windows 8.

Download now


Belkasoft Evidence Center 2013 Version 5.3 will feature Evidence Reader


Our vendor Belkasoft is about to release a major update to Belkasoft Evidence Center 2013: Version 5.3 will feature Evidence Reader, an all-new tool allowing Belkasoft users to pass along evidence collected with the main product. Evidence Reader allows accessing evidence collected with Belkasoft Evidence Center from any computer free of charge, even without Evidence Center installed.


Released BlackLight 2013 R1.1


BlackLight now includes a timeline feature that displays device usage and communications chronologically. This allows examiners to compare multiple devices side by side, identify periods of activity or inactivity, and quickly drill down to examine relevant data. BlackLight also now includes Windows NTFS file system support and advanced Windows Registry analysis capabilities, while continuing to provide the same advanced Mac and iOS features to which you are accustomed.

New features include:

  • Windows File System Support - Import and process forensic images acquired from volumes and virtual machines formatted with the NTFS, FAT16, and FAT32 file systems.   
  • Comprehensive Windows Registry Analysis - Easily locate, analyze, and tag crucial MRU, and system, user, and application configuration Windows Registry keys. Search across all registry hives by key name, key value name, and/or key value content.
  • Enhanced Internet Artifacts Support - Quickly and intuitively analyze Internet Explorer, Safari, Firefox, and Google Chrome Internet artifacts with the enhanced BlackLight Internet view.
  • Timeline Analysis - View multiple Mac and Windows device files and communications chronologically to uncover important usage patterns. Drill down to isolate email, instant messages, voice communications, and files created or accessed within a specific time frame.
  • New File Filter Views - Apply custom file filters independently within each BlackLight view to quickly pinpoint relevant media files, messages, email, contacts, and iOS device call data.  
  • Secure USB Key Authorization - Zero-storage USB license key option to meet high-security environment needs.
  • iOS 6 and Mountain Lion Compatibility - Comprehensive iOS 6 and OS 10.8.2 Mountain Lion support and platform integration.

It also features an innovative new process that boots the widest array of Macs possible, including all machines running on the newest Apple hardware.
Please contact to request a live on-site or online BlackLight or MacQuisition demonstration.


New version of PC-3000 Flash SSD Edition (v. 6.2.1) software is available


This version contains the following innovations and additions:

  • New multi-threading mode for fast ECC autodetection and correction, which allows to increase speed of ECC correction 4-8 times in comparison with PC-3000 Flash SSD Edition 6.2;
  • New multi-threading mode for data analysis during GREP search;
  • Significant improvement of ECC type autodetection;
  • Readout mode has been significantly improved and optimized for better speed performance;
  • New "hardware retries" feature has been added to read and readout modes. It will allow to increase the quality of reading results for some types of "problem" memory chips;
  • New button has been added on toolbar which enables to perform fast and practical switching between opened task in Kernel and Active Utility window. This new feature will be useful during SSD recovery process.


EnCase Forensic Version 7.07 is Now Available


Guidance Software announces EnCase Forensic Version 7.07

What's New in Version 7.07  
  • Evidence Processor performance scaling
  • Bookmarking Case Analyzer data
  • Mac OS X email message support
  • Mac OS X Artifact Parser
  • LinEn support features
  • Sorting tags within a column
  • PII Credit Card Pattern enhancement
  • Apple iOS 6 support

Evidence Processor Performance Scaling

The Evidence Processor now automatically adjusts the number of threads it uses to process information based on the number of logical cores on the examiner computer. The Evidence Processor scales the number of threads, using more threads on machines with more cores, and fewer threads on machines with fewer cores. The number of logical cores on a system can be seen in the Performance tab of Windows Task Manager.

Version 7.07 also includes a new comprehensive evidence processor status tool. The Evidence Processor status will include:

  • Lists of all possible tasks
  • Known limits of concurrency
  • Items pending
  • Items completed
  • Elapsed time per task

Bookmarking Case Analyzer Data

Case Analyzer now gives you the ability to bookmark any single or multiple rows while assigning a name and location for your bookmarks. When generating a final report, items/reports that you bookmarked will be included.

Mac OS X Email Message Support

The Evidence Processor now identifies Macintosh OS X email messages (EMLX files) using the Find Email function. These messages are collected in a LEF identified as Loose Email.

Mac OS X Artifact Parser

Artifacts from Macintosh OS X versions 10.6, 10.7, and 10.8 are supported. This module identifies artifacts that are typically stored in Mac OS X Property Lists (plist) or Apple System Log files.

After running the OS X Artifacts Parser, data collected is available in Case Analyzer Macintosh reports. New reports have been added to provide detail for available artifacts.

LinEn now supports the creation of Ex01 files

Console Window. LinEn now has a console window that displays error messages or information during acquisition, including messaging that informs you if the acquisition failed

LinEn now includes a path in the Add Devices dialog. LinEn scans the selected directory for block devices and adds them to the dialog list box. You can select any of the devices in the list and acquire or hash them. You can now sort the entire tag column by individual tag.

Sort by:

  • Tag name
  • Tag column
  • Ascending order
  • Descending order
  • PII Credit Card Pattern Enhancement


Version 7.07 adds several standard bank card patterns that are known and available as well as the ability to perform GREP customization. The interface has been updated to be more configurable and customizable.

Version 7.07 supports the Apple iOS 6 operating system. This includes implementation of the following new iOS 6 parsers:

  • SMS
  • MMS
  • Apple Maps (History and Bookmarks)
  • Accounts
  • Calendar
  • Call Log
  • Voicemail

Download Now


Sonnet Announces Dock Thunderbolt™with Complete Functions


Our vendor Sonnet has announced the release of Dock Thunderbolt Echo 15, a complete computer station for Mac® and Windows® with Thunderbolt ports.

The latest Sonnet'sThunderbolt technology includes 15 ports: 4 USB 3.0, 1Gigabit Ethernet, 1 FireWire 800, audio output and input (mini jack), double Thunderbolt port, 2 eSATA and 2 eSATA internals.

In addition, Dock Thunderbolt Echo 15 includes a DVD±RW 8x unit, or optionally a Blu-Ray BD-ROM/8x DVD±RW with software of Blu-Ray reproductin for Os X.

More information


WiebeTech Releases Ditto


Our vendor CRU-WiebeTech has released a product that will forever change eDiscovery and digital forensics: The Ditto Forensic FieldStation, the first digital imaging device to be configured, administered, and operated over a network via computer, tablet, or smartphone. It's a new game, and here's why:

  • Networked previewing, imaging, and cloning. Investigators are already buzzing about new workflows and how they can save on time and travel.
  • Designed for heavy duty with its rugged, all-aluminum construction.
  • Silent, fan-free operation and night-vision mode combine for discreet investigations.
  • Image over a terabyte of data on a single charge of an optional battery, and there's power to spare.
  • Clone or image to two drives in the time it takes to do one.
  • Role-based access provides users with unique profiles and appropriate privileges.
  • Automatic XML-based activity logs.
  • Investment protection and with easy expandability.




Sonnet Introduces xMac mini Server 2H


Sonnet has introduced the xMac™ mini Server 2H, a second model of the company's xMac mini Server Thunderbolt-to-PCI Express®expansion system and 1U rackmount enclosure for a Mac> mini with a Thunderbolt™ port. The new xMac mini Server 2H enables the use of two half-length, full-height PCIe cards, allowing users to select from and install the majority of Thunderbolt-compatible cards into either slot. The original xMac mini Server accommodates one full-length, full-height PCIe card and one half-length, half-height (low-profile) card.

More information on Sonnet and its other products is available at


Cellebrite Releases UFED


Cellebrite has released the new version of UFED: can find out what's new:


UFED Physical, file system and logical extractions from Android devices running OS v4.2.2

Android 4.2.2 introduces a new way of protecting apps and data on compatible devices using secure USB debugging. Secure debugging requires hosts to authenticate before accessing any ADB services or commands. Secure USB debugging is enabled in the Android 4.2.2 update that is now rolling out to Nexus devices. Many more devices are expected to enable secure debugging in the months ahead. Physical, file system and logical extractions can be performed using UFED on supported Android devices running version 4.2.2.


Improvements related to initiating file system and password extraction from selected Samsung devices using cable 107.

Upgrade UFED Touch

Upgrade UFED Logical


UFED Report Manager users: Have you upgraded to UFED Logical Analyzer?

UFED Logical Analyzer replaces UFED Report Manager. Upgrade to UFED Logical Analyzer and benefit from advanced analysis capabilities such as the project analytics, watch list, and timeline features and more. Starting from the next version, UFED Logical Analyzer will analyze URP reports previously generated by UFED Report Manager.

UFED Logical Analyzer application is provided at no additional charge for UFED Logical users with a current valid license. Download and receive a license for UFED Logical Analyzer at

UFED Physical Analyzer users do not need to download the UFED Logical Analyzer application.



New version of Insectra Forensics Brochure 2013



You can find it at the bottom of this site.





New F-Response 4.0.6 Released now with new Connectors


F-Response announces the addition of two new Connector products, the F-Response Database Object Connector, and the F-Response Email Connector. F-Response has extended the Connector series to include Email (IMAP) and Sharepoint (Database embedded files).

As part of the commitment to providing exceptional value to the customers F-Response decided to add all the Connectors (Cloud, Email, and Database), to TACTICAL edition and above, at no additional charge.

The F-Response Database Object Connector (FDBC) maps remote databases with embedded file objects to the local examiner's machine where they appear as a local read-only share. Currently the FDBC supports Microsoft Sharepoint, however addition databases and database server platforms will be added over time.

The F-Response Email Connector (FEMLC) provides direct, read-only access to remote GMail, Yahoo! Mail, and IMAP based email data, making it appear as a read-only, locally attached share.

Click here for more details.


Find out everything about the new IEF Frontline


IEF Frontline is a revolutionary on-scene preview tool by Magnet Forensics designed for first responders and non-technical users looking to conduct a 'first look' of a suspect’s computer to qualify it for seizure, before it's handed over to a forensics team for further investigation. More information.

Key Features:

  • Runs from a USB dongle on a live computer, maintains forensic integrity of the data.
  • One step scan for pictures, videos, web browser history & IM chat in 5-15 minutes.
  • Create understandable reports conveniently categorized by evidence type, then export to html, Excel or PDF.

Major Benefits:

  • Increased investigative efficiencies and an enhanced digital forensics process!
  • Improved case turnaround times and reduced backlogs when frontline personnel are able to qualify (or disqualify) a computer for seizure - lessening the load on digital forensics units.

Download our FREE Whitepaper
See for yourself and request a FREE, 30-DAY TRIAL of IEF Frontline TODAY


IMPORTANT: Tableau firmware update TFU v7.01b is now available for download from the Tableau product support page:

IMPORTANT: Tableau firmware 7.01 may fail to update the Tableau T6es devices correctly. The update, once installed, may also leave the device in a state where it will no longer detects hard drives. Until Tableau can establish the cause and extent of the problem please do NOT download and install the latest Tableau Firmware Update V7.01.


EnCase Forensic Version 7.05.03 is Now Available

Guidance Software is pleased to announce EnCase Forensic Version 7.05.03 is now available. EnCase is constantly working to enhance our software solutions by improving functionality and adding new capabilities.


What’s New in Version 7.05.03


  • EnCase Snapshot Enhancement

When a snapshot is taken of a machine on a wireless network, EnCase can now determine the IP address.

  • Guidance Software Product Compatibility Table

The Support Portal contains a list of version-to-version compatibility tables for all Guidance Software products at

For complete details, please review the Release Notes.


EnCase Forensic 7.05.03 Setup - English
212 MB
- ad761c234271ec33aca3bbe5e85d0b66
EnCase Forensic 7.05.03 Setup (x64) - English
261 MB - bff3d3fa5c311e3623fc5e60a932d0e6
EnCase Forensic SAFE-NAS 7d3 Setup - English
122 MB - 7c88a8815476de1a3c08ef01ba0c1aae
EnCase Forensic SAFE-NAS 7d3 Setup (x64) - English
121 MB - b3f0bd21a5d78cf895d6f1e95738671b
NSRL Hash Library in the EnCase 7 Format


Ufed releases a maintenance version of UFED Physical Analyzer 3.6.5 and UFED Phone Detective 1.1.9


UFED Physical Analyzer 3.6.5

This release newly presents device information within the Excel report.
Resolving rare decoding issues with:

  1. Android SMS
  2. iPhone SMS and MMS “Recipients” field (when multiple recipients are present)
  3. The attachments within iPhone deleted MMS

Upgrade UFED Physical Analyzer


UFED Phone Detective 1.1.9

UFED Phone Detective 1.1.9 includes information about new devices introduced in the previous UFED Touch and UFED Classic release.

Upgrade UFED Phone Detective


More Updates for your UFED


HTC and Motorola – Physical and file system extractions, and decoding from 101 locked devices running any Android OS version


The HTC Evo, Incredible and Desire, a long with the Motorola Droid Razr, Razr Maxx and Milestone, are among the most popular and best-selling Android smartphones.

Until now, access to existing and deleted data was unavailable from locked HTC and Motorola devices. UFED is the first and only tool in the industry to enable physical and file system extractions, while bypassing pattern lock / password / PIN with USB debugging disabled.


Galaxy SIII family and Galaxy Note II – Physical extraction and decoding while bypassing password / PIN / pattern lock

40 million Samsung Galaxy SIII devices were sold in 2012, between its May release and the end of December, increasing your odds of coming across them. Using the UFED Ultimate you can perform physical extraction on locked Samsung Galaxy SIII and Galaxy Note II devices, with Cellebrite’s proprietary bootloaders.

Note: UFED Classic users – an update of the Samsung support package is required.

Apple iOS 6.1: Physical, file system and logical extractions, and decoding


Update your UFED Physical Analyzer now to perform:

• Physical and file system extractions while bypassing simple and complex passcode

• Real-time decryption, decoding and simple passcode recovery

Supported devices: iPhone 3GS/4, iPod Touch 4G

Update your UFED now to perform:

• File system and logical extractions

Supported devices: iPhone 3GS/4/4S/5, iPad2/3/4/ mini, iPod Touch 4G/5G

Note: Update of the new EPR via the UFED Physical Analyzer is required.


Full Release Notes

UFED Touch Firmware

UFED Classic Firmware

Samsung Support Package

UFED Physical Analyzer 3.6.1

UFED Logical Analyzer 3.6.1

UFED Reader 3.6.1


Access Data presents new versions of different products


FTK 2 Available Now

Download Upgrade

  • Support for Microsoft SQL Server.You can now use Microsoft SQL Server database version 2008 R2 or 2012 as your FTK database (license not provided).
  • IIS Log Files. You can now view IIS log file data in HTML format and process IIS log files so they are broken into individual records organized by time.
  • Registry Data.You can now process selected Registry files (SAM and NTUSER.DAT) so that they are broken into individual records organized by time and interspersed with other data.
  • Enhanced Support for Many Additional File Types. Compressed PDF files, Apple iWork 09, IBM SmartSuite 9.8, Hangul 2010, Adobe Creative Suite 5 and Microsoft OneNote 2007/2010...see release notes for full list.
  • Bitlocker. You can now decrypt Windows 7 and Windows Vista Bitlocker.
  • Analyze Browser History with Visualization Add-on. You can now visualize Browser history in the timeline view.
  • Database Integration with AccessData CIRT 2.2

View the FTK 4.2 Release Notes for detailed information


Mobile Phone Examiner Plus 5.2.1 Available Now

Download Upgrade

  • SmartDevice App Analysis. The new Application List for both Android and iOS parsers automates the parsing of application data for applications, including Facebook, LinkedIn, Skype, Twitter and more.
  • Support for iOS 6 - 6.0.1 Physical Images
  • Updated Logical Support for iPhone 5 and the iPad Mini
  • Chinese Localization. Unicode display and recovery support through the incorporated FreeFile Parser.
  • One-Click Data Recovery. Both iOS and Android Physical images obtained with MPE+ or other solutios can be parsed for critical user data, deleted logs and SMS with the click of a button.

View the MPE+ 5.2.1 Release Notes for detailed information


AD triage 2.1 Available Now

Download Upgrade

  • Kiosk Mode. Kiosk will bring up a new dialog giving users the option to select one of the predefined Profiles to execute.
  • Screen Capture. Capture screenshots of individual windows including those that have been minimized, moved off screen or made "invisible."
  • USB. AD Triage now captures additional information from USB devices (first time it was seen by OS, date last mounted, user that mounted it, known drive letters and volumes associated with the device).
  • Export. Administrators can now predefine the UNC Export Path.
  • Read and Write to USB devices and more.

View the AD Triage 2.1 Release Notes for detailed information


Belkasoft Evidence Center: Faster Than Ever with New Multi-Threaded Core Engine


  • Faster Evidence Collection and Less Waiting Time

In version 5.2, Belkasoft greatly improved Evidence Center 2013
performance by including a brand-new core engine. The new engine now fully supports parallel multi-threading, bringing much greater performance to users of last-generation multi-core CPU's. This means a significant improvement in time spent detecting and collecting evidence from larger hard drives.

In addition, the new multi-threaded engine now allows background evidence processing, allowing investigators to interact with the tool at the time evidence is being collected. Background evidence collection greatly reduces waiting times, allowing specialists analyzing evidence that's been already discovered before the collection process is complete.

  • QQ Messenger 2012 and Mail.RU Agent 5.7-6.0 Support

Another welcome addition in version 5.2 is support for QQ Messenger 2012 and Mail.RU Agent 5.7-6.0 instant messengers. More details on these new additions will follow soon.

  • Mounting issues resolved

Some issues with mounting, appeared in the first builds of v.5.2, are now solved in the latest build 475, available on our site.

  • The Complete Roadmap

The complete list of planned enhancements is available here:

For more information, visit





Law Technology Review publishes a positive evaluation of EnCase Forensic v7.05

Law Technology Review recently tested and published an evaluation of EnCase Forensic v7.05. It’s a positive review that shows that continued investment in EnCase product development are paying dividends.


F-Response announces the return of "Dongle Amnesty"


Essentially it's an open renewal period for any and all expired F-Response dongles. In summary Dongle Amnesty is as follows:

F-Response renewals are open and available to all customers regardless of expiration. To qualify the renewal order must be placed on or before February 15, 2013 via our website or through one of our authorized resellers.


Insectra is now on Twitter!


TwitterIcon.png  Make sure you follow us and check out our tweets  :) 


Ace Laboratory releases PC-3000 UDMA 5.2.3 and Data Extractor Ver. 4.8.18 is released


Main enhancements:

PC-3000 UDMA

- New families are supported in WD, Samsung, Toshiba utilities.
- ROM writing and family identification have been added for Seagate F3 HDD.
- Password removing algorithm for HDD Hitachi-IBM-ARM has been improved.

Data Extractor

- Forensic functions have been added!
- New implementation of methods of scanning for NTFS and HFS+ file systems.
- Export/import of “Raw recovery” and Grep reference books have been added.


Belkasoft Evidence Center gets faster, better and deeper analysis


Belkasoft Evidence Center undergoes through constant maintenance and spending a lot of efforts evolving the product to a better tool. With this roadmap, it is sharing the insight on what’s going to be added to our flagship forensic suite in the course of Q1 2013. The updates will be FREE for all customers with non-expired subscription to its Support and Maintenance package.


What to Expect from Belkasoft During the First Quarter 2013


Belkasoft plans to greatly improve Belkasoft Evidence Center by adding the ability to take volatile memory snapshots with a stand-alone tool, delivering the ability to share collected evidence between investigators at no charge, and introducing a free stand-alone tool for extracting information from public Facebook profiles. The tool's general performance will be greatly improved by adding support for parallel multi-tasking, enabling simultaneous use of multiple cores available in today's CPU's. With these updates, you can expect Belkasoft Evidence Center to discover more evidence in significantly less time.


January 18, 2013: Belkasoft Evidence Center 2013 v. 5.2

  • Updated core engine: concurrent multitasking in multi-CPU and multiple core environments;

  • Multi-tasking support: reduced time waste with the ability to perform lengthy operations (e.g. disk scan) in background.

  • Multi-tasking support: the ability to scan multiple disks at the same time.

  • Support for two popular local instant messengers.

Version 5.3 (Release date TBD):

  • Unallocated disk space carving: support for new types of evidence.

  • Portable tool: Belkasoft Live RAM Capturer.

  • Stand-alone tool: Belkasoft Facebook Profile Saver.

Major update (Release date TBD):

  • Belkasoft Evidence Reader to allow passing collected evidence in read-only mode free of charge.

  • Product customization: the ability to widely customize the behavior of Belkasoft Evidence Center using an extension mechanism.

The Complete Roadmap

The complete list of planned enhancements is available here:

For more information, visit


Belkasoft presents several updates


  • Evidence Center 5.1 major update brings greater usability, tighter integration and support for additional types of evidence.

Download a FREE trial

  • Use Evidence Center in your own language! Belkasoft Evidence Center now speaks German, Spanish, Russian, Arabic, Vietnamese, Chinese, and Japanese.
  • Introducing Personal Cabinets: the easier way to manage licenses

You can review all your licenses for Belkasoft products, check validity periods for the licenses and customer support plans.

Log in

  • Recurrent event: free webinars on digital evidence

To learn, what's new in the latest releases of Evidence Center please attend one of our FREE bi-weekly webinars, delivered online.

See webinars schedule and sign up


F-Response news and updates


  • F-Response 4.0.5 Released

Download F-Response 4.0.5

  • F-Response in print again, this time in "Placing the Suspect Behind the Keyboard" by Brett Shavers

Brett Shavers, a long time F-Response user announces that it does make an appearance in his upcoming title, which appears to cover a number of timely and important topics.

  • F-Response Large Scale Collection Best Practices Guide

F-Response has published a new Best Practices guide on the website covering the lessons learned.

  • F-Response on LinkedIn and Twitter

Don't forget you can always follow F-Response on Twitter or join the F-Response LinkedIn Users group.


Released a new update of X-Ways Forensics: v16.8



What's new in this version of X-Ways:

  • Faster disk imaging
  • Adjustable compression level
  • Improved usability in the file management and reporting.
  • Compatibility with exFAT
  • Ability to display UTF16 Big Endian items.
  • Viewer files:
    • Improved PDF support.
    • Additional support for Autocad 2011-12.

Download evaluation version of v16.8


EnCase presents web information and a new LinkedIn group in Spanish


Its purpose is to create a forum for spanish people to discuss about the use of EnCase Enterprise , Cybersecurity , and eDiscovery .

Join the group


Guidance Software Releases EnCase® Forensic v7.05


This version of EnCase Forensics enables investigators to work with data sets earlier and faster in order to begin and close cases faster than ever before. Speed enhancements in the evidence processor have reduced significantly the processing time for both small and large data sets. Digital investigators can now rapidly process evidence files of virtually unlimited size, dramatically reducing case backlogs. With EnCase Forensic v7.05, investigators can uncover evidence up to nine times faster than previous versions using the greatly enhanced evidence processor.


Cellebrite presents a TRADE-IN Program


Cellebrite invites its costumers to TRADE-IN their UFED Classic for the new UFED Touch at a special price.


UFED Touch Ultimate has the following benefits:

• Faster physical extractions from the world's most popular smartphones
• Strong data processing – extract much more data
• Touch screen and intuitive GUI – quick and easy to use
• Portable – now with an integrated battery
• Enhanced field-ready operational kit
• New dual purpose tips for extraction and charging, and much more
This promotion valid until 31st December 2012. Trade-in now!

New iOS Support Package 4.2


Cellebrite has released a maintenance version of iOS support package 4.2, resolving issues related to physical and file system extraction from devices running iOS versions older than 4.3 The new iOS support package 4.2, can be updated directly via UFED Physical Analyzer or downloaded from the Cellebrite website.

Insectra Brochure 2013