The latest release of Belkasoft Evidence Center came with a host of new features.
In a word, the Timeline is a new view adding the convenience of combining all activities and communications of the suspect as well as many system events into a single aggregated view.
The Timeline makes investigating events that occurred over a certain time period much easier. By switching to Timeline view, investigators can now access all user activities and system events discovered during the analysis of a huge number of sources in a single aggregated view.
You can either review all activities occurring over a certain period of time or specify a filter. Filtering events in the Timeline view makes it possible to find essential information much faster. For example, you may want to view only the suspect's communications in social networks.
You may add messages sent and received via instant messaging applications in a couple of clicks. In a word, the Timeline allows searching for certain types of events or including only selected types of data.
If you are interested in certain specific events occurring over a certain time period, you can easily use a combination of filters specifying the date range and displaying records that include your search string(s).
With case-sensitive, full-text content filtering, you can easily search for events meeting certain criteria or containing certain key words. Timeline filters are stackable, so you can specify a number of conditions that an event must meet in order to make it to the Timeline view.
One major feature added to Evidence Center 5.4 is the ability to investigate SQLite databases by using native processing. This new feature allows Evidence Center users to parse even badly damaged, fragmented and incomplete databases such as those resulting from a carving attempt.
The benefit for the user is enormous: native SQLite parsing allows recovering evidence from deleted and partially wiped databases, helping, for example, to recover much more information from destroyed Skype logs.
The newest release gets rid of third-party SQLite libraries, enabling fully native SQLite parsing. This native parsing allowed us to implement a new trick: SQLite freelist processing.
Did you know that records deleted from an SQLite database are not erased immediately, but are placed into a so-called "freelist"?
This is exactly what allows our new SQLite engine to access deleted records in SQLite databases. What can you find there? With many communication tools using SQLite to keep their histories, you can recover deleted chat logs, such as Skype messages, and access cleared histories, such as deleted iPhone SMSes.
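The freelist mechanism described above can be seen with a few lines of Python; this is an added example, not Belkasoft's code or part of the original announcement. It clears a constructed chat table, then walks the freelist from the file header (trunk page pointer at offset 32, page count at offset 36) and finds the "deleted" messages still on disk. Assumptions: the table name, message text and helper names are made up for the demo, and `secure_delete` and `auto_vacuum` are off, since either one would zero or reclaim freed pages.

```python
import os
import re
import sqlite3
import struct
import tempfile

MAGIC = b"SQLite format 3\x00"


def build_sample_db(path, rows=300):
    """Create a constructed chat database, then clear its history."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA auto_vacuum = NONE")    # freed pages stay in the file
    con.execute("PRAGMA secure_delete = OFF")   # assumption: freed data is not zeroed
    con.execute("CREATE TABLE msgs (id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany(
        "INSERT INTO msgs (body) VALUES (?)",
        ((f"constructed-msg-{i:04d} " + "x" * 100,) for i in range(rows)),
    )
    con.commit()
    con.execute("DELETE FROM msgs")             # the user "clears the history"
    con.commit()
    live = con.execute("SELECT COUNT(*) FROM msgs").fetchone()[0]
    con.close()
    return live                                 # rows still visible through SQL


def read_freelist(path):
    """Return (page count declared in the header, {page_no: raw page bytes})."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:16] != MAGIC:
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack(">H", data[16:18])[0]
    if page_size == 1:                          # the value 1 encodes 65536
        page_size = 65536
    first_trunk, declared = struct.unpack(">II", data[32:40])
    total_pages = len(data) // page_size

    def page(no):                               # page numbers are 1-based
        return data[(no - 1) * page_size: no * page_size]

    pages, trunk = {}, first_trunk
    while trunk != 0:
        if trunk in pages or trunk > total_pages:
            break                               # loop or out-of-range pointer: damaged chain
        raw = page(trunk)
        pages[trunk] = raw
        # Trunk layout: next trunk page, leaf count, then the leaf page numbers.
        next_trunk, n_leaves = struct.unpack(">II", raw[:8])
        n_leaves = min(n_leaves, (page_size - 8) // 4)
        for leaf in struct.unpack(f">{n_leaves}I", raw[8:8 + 4 * n_leaves]):
            if 1 <= leaf <= total_pages:
                pages[leaf] = page(leaf)
        trunk = next_trunk
    return declared, pages


def recover_markers(pages, pattern=rb"constructed-msg-(\d{4})"):
    """Map each recovered message number to the free page it was found on."""
    found = {}
    for page_no, raw in sorted(pages.items()):
        for match in re.finditer(pattern, raw):
            found.setdefault(int(match.group(1)), page_no)
    return found


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "chat.db")
        live = build_sample_db(db)
        declared, pages = read_freelist(db)
        found = recover_markers(pages)
        print(f"rows visible via SQL: {live}")
        print(f"freelist pages declared/walked: {declared}/{len(pages)}")
        print(f"deleted messages still readable: {len(found)}")
```

The string search stands in for real record parsing; a forensic parser would decode the B-tree cells on each free page to rebuild full rows.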
The IEF Evidence Processor Module for EnCase® integrates IEF with the EnCase v7 Evidence Processor. This new free tool streamlines case workflow by allowing investigators to run Magnet IEF Standard from within EnCase.
If you already use IEF, you can download the IEF Evidence Processor Module for EnCase v7 directly from the Magnet Forensics website.
EnCase users who don’t currently own a license for IEF can download a free 30-day trial or the full version of IEF with the IEF Evidence Processor Module for EnCase v7 from EnCase App Central.
These are F-Response September Updates:
F-Response Cloud Forensics and Incident Response Whitepaper
Investigating cloud-hosted servers is actually very simple. To that end, F-Response has put together a whitepaper on "Cloud Forensics with F-Response" and has posted it on their Mission Guides and Documentation page. The whitepaper covers the general concept and how to leverage tools like F-Response, X-Ways Forensics, and USB-Over-Ethernet to provide top-shelf investigative services to remote virtual machines and environments. It even includes an example using cloud servers hosted at Rackspace. The example is very straightforward and could be readily adapted to other providers (Amazon, HP, Azure, etc.).
F-Response Boot CD Preview
F-Response has uploaded the new Boot CD to the website; you'll find it labeled "Preview F-Response Boot CD v2" on the Downloads page for your license.
F-Response has added a number of new kernel modules, updated the Linux kernel to the 3.x series, and restored the same simple boot CD process put together for the first F-Response Boot CD a few years ago. In addition, while F-Response can't promise it will work in every situation, the team did come across a number of Apple-based systems that booted fine with this boot CD. Your results may vary, but it's certainly worth a try.
Now, CRU has announced a new Ditto firmware release, that includes the following features:
Decryption of the WhatsApp database available in BlackBerry devices running OS 5 and 6.
Decryption of REMF media files.
Improved decoding of BBM attachments.
Samsung M9xx family and Motorola devices with NVidia chipsets – enhanced decoding support.
Enhanced decoding including IMEI, IMSI, wifi networks, installed apps, notes and more.
Maps – View all extracted locations using Bing Road or Bing Aerial maps, embedded within UFED Physical/Logical Analyzer. The locations are presented with an icon displaying the location type.
Filter the locations based on multiple attributes including date and time and location type. The maps function is free of charge, requires internet access and is only available to UFED Physical/Logical Analyzer users with a valid license.
Rather than verifying complex passcodes one by one, UFED Physical Analyzer enables users to brute-force complex passcodes based on a dictionary created in advance. Supported Apple devices*: iPhone 2G/3G/3GS/4, iPad1, iPod Touch 1G/2G/3G/4G, iPod Nano 5G.
We are very pleased to announce the release of F-Response 5.0.1. In this release we address a few issues and add additional support and platform improvements.
A complete listing of the release notes can be found in our manual, however we've highlighted the main updates below:
Updates to the Modified datetime display to correct a one month skew. Previous release indicated dates that were one month prior to the correct date, January dates returned no data.
New support for logical volume detection within HPUX 11iv2 and v3.
Better handling for remote targets that use a non-standard Windows system root and root drive letter.
Modifications to present Alternate Data Streams (JSON encoding method only).
Higher resolution datetime values (where possible) are now provided in addition to existing unix timestamp values.
Updated Flexdisk API documentation.
Magnet Forensics' new free tool
Magnet Forensics has released a new free tool that converts the X-Ways® generated TSV file into the TLN file format which can be loaded into the IEF Timeline Viewer for visualization. More information.
Magnet received the Forensic 4cast award for “Computer Forensic Software Tool of the Year” for Magnet IEF Standard.
The new release v.5.4 offers a list of new features, functionality and usability improvements. Your reseller discount applies to all versions and editions of Belkasoft Evidence Center.
ElcomSoft Co Ltd. updates iOS Forensic Toolkit, enabling physical acquisition of jailbroken iOS 5 and iOS 6 devices including iPhone 4S and 5, iPad 2, 3 and 4, iPad Mini as well as the last generations of iPod Touch. Support for iPhone 4S and 5 has been highly demanded by forensic customers. By enabling physical acquisition of last-generation Apple devices, the updated Elcomsoft iOS Forensic Toolkit makes forensic analysis of these iOS devices once again a feasible enterprise.
In addition, the latest release of iOS Forensic Toolkit automates the acquisition of jailbroken devices, getting rid of previously required manual steps and reducing manual interaction to an absolute minimum. Finally, the acquisition of legacy devices is now completely automated, with automatic detection of devices being connected.
Elcomsoft iOS Forensic Toolkit continues providing unrestricted support for legacy iOS devices such as iPhone 4 and earlier regardless of the iOS version they are running. Passcodes protecting these legacy devices can be recovered; however, physical acquisition can be carried out in somewhat limited mode even without a passcode. However, physical acquisition support for last-generation iOS devices is subject to certain technical limitations.
iPhone 4S and 5 as well as the last generations of iPad devices can only be acquired if already jailbroken, or if the investigator is able to jailbreak the device. At this time, non-jailbroken devices that are locked with an unknown passcode cannot be acquired, which does limit this tool’s scope of use.
Passcode recovery speed on jailbroken iPhone 5 devices is increased to 15.5 passcodes per second, allowing iOS Forensic Toolkit to break typical 4-digit passcodes in about 10 minutes.
With the launch of IEF v6.1 Magnet has added a host of new features. They listened to feedback from their customers and delivered a great new set of mobile device forensic features as part of the new IEF Advanced Edition. Also driven by customer feedback is the addition of the new network licensing option that makes it easier to manage IEF across multiple locations. Magnet tried to organize these new features, editions and licensing options to provide customers with added flexibility and choice, but we realize that new options can also cause a little confusion. So here’s a quick rundown of how the licensing works for each of these new offerings.
Current IEF Customers – As a special thanks to its loyal customers, Magnet decided to give a free upgrade to IEF Advanced to all existing IEF Standard and IEF Triage customers, with an active SMS contract. They want you to be able to take advantage of all the new mobile forensic features without having to purchase a new IEF Advanced License. Thanks for your support and please keep sharing your ideas and feedback.
New Customers – New customers can choose from IEF Standard, IEF Advanced or IEF Triage depending on which edition best meets your needs and your budget. For customers considering IEF Standard or IEF Advanced but who would like the flexibility to be able to also do live system investigations Magnet is now offering Triage bundles that allow customers to add Triage capability to an IEF Standard or IEF Advanced License without having to buy and maintain a separate Triage license. Pricing for the Standard-Triage Bundle starts at $1549 and pricing for the Advanced-Triage Bundle starts at $1999.
The latest Tableau Firmware v7.04 release is now available. This release introduces the following changes for the TD3 Forensic Imager, T35689iu Forensic Bridge and the TFU application:
TFU Application Update
All users of these Tableau devices are advised to apply this update.
EnCase Version 7.08 will be available in the beginning of August. EnCase Version 7.08 contains many updates and enhancements based on feedback raised from customers around the globe.
Here are some of the highlights:
Evidence Processor Manager
Evidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors. Every license of EnCase Forensic comes with an additional dongle for an EnCase Processor node. This allows the investigator to process on one machine, while examining on another. With Evidence Processor Manager, investigators will be able to distribute, prioritize and control processing within farms of EnCase Processors.
SAFE Configuration Package
Have you ever needed to migrate a SAFE from one environment to another? (e.g. for disaster recovery/planning) It's possible, but can be time consuming to migrate keys, user accounts, roles and permissions from one SAFE to another. We're simplifying this process through creation of a SAFE configuration package. This package exports the entire configuration of the SAFE and may be used to configure another SAFE for everything except for the machine specific setup.
Decryption Support Updates
Support for decryption (with credentials) of the following products will be updated:
Check Point Full Disk Encryption for PC v8
Check Point Full Disk Encryption for Mac v3
OS X FileVault 128-AES
Windows ReFS Support
EnCase will parse and investigate devices using Windows Resilient File System (ReFS).
Solaris Volume Manager Support
EnCase will reconstruct logical volumes created with Solaris Volume Manager (SVM).
File Carver Enhancements
Several enhancements have been made to the File Carver module to improve the quality of carved results. In particular, JPEG images will be carved more comprehensively, with less reliance on default file types and sizes. Carved files will also be named with more information on the file itself, and the physical offset of where the file was carved from.
Evidence Processor Workflow Improvements
File Signature Analysis will no longer be required.
Recover Folders will be capable of being run on initial processing or subsequent processing.
Hash Set Management Improvements
EnCase will now allow investigators to view contents, search, and delete items from Hash Sets.
OS X Disk Image Format Support
Improving on our existing OS X investigation capabilities has been a priority for EnCase over the past 12 months. We are continuing these efforts with adding support for:
DMG, Sparse DMG and Sparse Bundles
Support BZIP and ADC compression for DMG images
We've been absorbing feedback from the v7 User's Group and are rolling out enhancements driven directly by you:
Adding columns to Bookmarks and Search views (description, unique offset, received, sent, URL host, TruePath, HasAttachments...+more)
Create LEFs from Results view
Hot keys for Tags
Stay tuned for more information nearer the release date.
These are TD2's updates:
Destination support for the exFAT file system, which supports large files over 4GB, has been added.
When wiping two disks simultaneously, both are now wiped to completion.
Disk spanning behavior is now more robust.
These are TD3's updates:
Destination support for the exFAT file system, which supports large files over 4GB, has been added.
UI including menu icons, layout, and flow has been redesigned.
You can now set DCO on your destination media for Disk to Disk duplication.
You can now image from an iSCSI share.
The iSCSI administration UI has more options and is more intuitive than in previous releases.
You can now configure a static IP.
You can now connect multiple source devices and select which one to image.
EnCase Ex01 is now supported.
TD3 can now acquire media with a non-512B sector size.
The "_" key has been added to the virtual keyboard.
TD3 offers improved handling of cases where source media is larger than destination media.
The HPA/DCO removal UI is more consistent.
CIFS is set as the default destination when it is the only destination.
TD3 can now mount CIFS shares greater than 4TB.
The issue of TD3 failing to image to a FAT32 iSCSI share that is greater than 250GB has been fixed.
The issue of a prior iSCSI session not disconnecting when starting a new iSCSI session has been resolved.
These are T35u's updates:
Windows 8 now detects the T35u properly over USB 3.0.
If you need to purchase a Tableau hardware or you have questions about this release, please contact us.
The start of the five series of F-Response includes a number of new enhancements to the F-Response product family, including: Additional F-Response Cloud Connector (Patent Pending) platform support, including Google Drive, Dropbox, and Skydrive. Additional "Premium Services" for F-Response Consultant Edition and above includes support for Google Apps for Business Drive accounts.
Improved F-Response Email Connector (Patent Pending) platform support, not only improvements to managing Google Mail, throttling, and IMAP, but also new "Premium Services" for F-Response Consultant and above that includes support for Office 365 using Native Microsoft Exchange technology.
In addition to the platform support additions, all the F-Response Connectors have been updated with additional stability and performance modifications.
Interested in Windows 8? F-Response v5 has been thoroughly tested on Windows 8 and Server 2012, both as a target and as an examiner. Ready to get F-Response 5.0.0? Head to the Downloads page to get started today!
XRY has made a new release and we thought you'd like to know about it. For full details please download the Release Notes.
What's New in this Update?
Download XRY version 6.6
You can download the latest version of XRY from the XRY Customer Portal.
Not used XRY Customer Portal before?
If you have not signed up for your login, please email us to get yours.
Magnet Forensics, the global leader in the development of forensic software for the recovery of Internet artifacts, recently collaborated with Guidance Software to develop an integration between Internet Evidence Finder™ (IEF) and EnCase® v7, the IEF to EnCase® Connector.
This new connector enables investigators that use both EnCase® and IEF to initiate IEF searches from within EnCase® and easily import the resulting IEF artifacts into EnCase® for comparison with other relevant case data. The IEF to EnCase® Connector integration is now available for download free of charge on the Magnet Forensics website at www.magnetforensics.com.
UFED Touch and UFED Classic
In April, two of the most anticipated Android devices launched into the market, Samsung Galaxy S4 and the HTC One. UFED is the first and only tool in the industry to enable: Logical extraction from selected devices:
– Logical extraction, file system extraction with user lock bypass, and decoding are now supported Enhanced Device Support Physical extraction and decoding while bypassing user lock for devices running any Android OS version, using proprietary client software.
Note: UFED Classic users must update EPR
Alcatel devices – Physical extraction while bypassing user lock and decoding, are now available for additional selected Alcatel devices using UFED CHINEX. Physical extraction can be performed by selecting the specific model or by selecting one of the two generic options:
Logical Extraction HTML Reports - UFED HTML report output is enhanced and split to handle large outputs with various multimedia types
The UFED Link Analysis user interface is now available in 10 different languages: Chinese, Dutch, French, German, Hebrew, Italian, Japanese, Portuguese, Russian and Spanish. You can select your own preferred display language from the application settings. The language selection will be saved for future sessions as well.
To provide faster and more efficient Technical Support to our valued users, we are glad to introduce a new way of getting Technical Support – ACE Laboratory Technical Support Centre. It is an online CRM system that ensures more convenience, quicker help, transparency and proper ordering of your requests to our Technical Support.
New Technical Support Centre enables you to:
Right now we are testing this system and we will be thankful for your feedback.
We ask all Technical Support users to get registered in it to start receiving Technical Support help from us faster.
To pass the registration, go to http://ts.acelaboratory.com/ . There are four ways to get registered:
1) Click “Register” button
2) Click “Submit a Ticket” button
3) Click “Live Support Online”
4) E-mail to email@example.com
In all four ways, your login will be your e-mail account. You can always change your password in your profile.
All previously registered user accounts are kept in our system. It is recommended to register one of your e-mail accounts, as it will then be easier for you to trace all your communication with our Technical Support.
Our vendor Belkasoft is about to release a major update to Belkasoft Evidence Center 2013: Version 5.3 will feature Evidence Reader, an all-new tool allowing Belkasoft users to pass along evidence collected with the main product. Evidence Reader allows accessing evidence collected with Belkasoft Evidence Center from any computer free of charge, even without Evidence Center installed.
BlackLight now includes a timeline feature that displays device usage and communications chronologically. This allows examiners to compare multiple devices side by side, identify periods of activity or inactivity, and quickly drill down to examine relevant data. BlackLight also now includes Windows NTFS file system support and advanced Windows Registry analysis capabilities, while continuing to provide the same advanced Mac and iOS features to which you are accustomed.
It also features an innovative new process that boots the widest array of Macs possible, including all machines running on the newest Apple hardware.
Please contact firstname.lastname@example.org to request a live on-site or online BlackLight or MacQuisition demonstration.
This version contains the following innovations and additions:
Guidance Software announces EnCase Forensic Version 7.07
What's New in Version 7.07
Evidence Processor Performance Scaling
The Evidence Processor now automatically adjusts the number of threads it uses to process information based on the number of logical cores on the examiner computer. The Evidence Processor scales the number of threads, using more threads on machines with more cores, and fewer threads on machines with fewer cores. The number of logical cores on a system can be seen in the Performance tab of Windows Task Manager.
Version 7.07 also includes a new comprehensive evidence processor status tool. The Evidence Processor status will include:
Bookmarking Case Analyzer Data
Case Analyzer now gives you the ability to bookmark any single or multiple rows while assigning a name and location for your bookmarks. When generating a final report, items/reports that you bookmarked will be included.
Mac OS X Email Message Support
The Evidence Processor now identifies Macintosh OS X email messages (EMLX files) using the Find Email function. These messages are collected in a LEF identified as Loose Email.
Mac OS X Artifact Parser
Artifacts from Macintosh OS X versions 10.6, 10.7, and 10.8 are supported. This module identifies artifacts that are typically stored in Mac OS X Property Lists (plist) or Apple System Log files.
After running the OS X Artifacts Parser, data collected is available in Case Analyzer Macintosh reports. New reports have been added to provide detail for available artifacts.
LinEn now supports the creation of Ex01 files
Console Window. LinEn now has a console window that displays error messages or information during acquisition, including messaging that informs you if the acquisition failed
LinEn now includes a path in the Add Devices dialog. LinEn scans the selected directory for block devices and adds them to the dialog list box. You can select any of the devices in the list and acquire or hash them. You can now sort the entire tag column by individual tag.
Version 7.07 adds several standard bank card patterns that are known and available as well as the ability to perform GREP customization. The interface has been updated to be more configurable and customizable.
Version 7.07 supports the Apple iOS 6 operating system. This includes implementation of the following new iOS 6 parsers:
Our vendor Sonnet has announced the release of Dock Thunderbolt Echo 15, a complete computer station for Mac® and Windows® with Thunderbolt ports.
Sonnet's latest Thunderbolt technology includes 15 ports: 4 USB 3.0, 1 Gigabit Ethernet, 1 FireWire 800, audio output and input (mini jack), double Thunderbolt port, 2 eSATA and 2 eSATA internals.
In addition, Dock Thunderbolt Echo 15 includes a DVD±RW 8x unit, or optionally a Blu-Ray BD-ROM/8x DVD±RW with Blu-Ray playback software for OS X.
Our vendor CRU-WiebeTech has released a product that will forever change eDiscovery and digital forensics: The Ditto Forensic FieldStation, the first digital imaging device to be configured, administered, and operated over a network via computer, tablet, or smartphone. It's a new game, and here's why:
Investment protection with easy expandability.
Sonnet has introduced the xMac™ mini Server 2H, a second model of the company's xMac mini Server Thunderbolt-to-PCI Express® expansion system and 1U rackmount enclosure for a Mac mini with a Thunderbolt™ port. The new xMac mini Server 2H enables the use of two half-length, full-height PCIe cards, allowing users to select from and install the majority of Thunderbolt-compatible cards into either slot. The original xMac mini Server accommodates one full-length, full-height PCIe card and one half-length, half-height (low-profile) card.
More information on Sonnet and its other products is available at www.sonnettech.com.
Cellebrite has released the new version of UFED: 126.96.36.199. You can find out what's new:
Android 4.2.2 introduces a new way of protecting apps and data on compatible devices using secure USB debugging. Secure debugging requires hosts to authenticate before accessing any ADB services or commands. Secure USB debugging is enabled in the Android 4.2.2 update that is now rolling out to Nexus devices. Many more devices are expected to enable secure debugging in the months ahead. Physical, file system and logical extractions can be performed using UFED on supported Android devices running version 4.2.2.
Improvements related to initiating file system and password extraction from selected Samsung devices using cable 107.
UFED Logical Analyzer replaces UFED Report Manager. Upgrade to UFED Logical Analyzer and benefit from advanced analysis capabilities such as the project analytics, watch list, and timeline features and more. Starting from the next version, UFED Logical Analyzer will analyze URP reports previously generated by UFED Report Manager.
UFED Logical Analyzer application is provided at no additional charge for UFED Logical users with a current valid license. Download and receive a license for UFED Logical Analyzer at my.cellebrite.com/logicalanalyzer
UFED Physical Analyzer users do not need to download the UFED Logical Analyzer application.
You can find it at the bottom of this site.
F-Response announces the addition of two new Connector products, the F-Response Database Object Connector, and the F-Response Email Connector. F-Response has extended the Connector series to include Email (IMAP) and Sharepoint (Database embedded files).
The F-Response Database Object Connector (FDBC) maps remote databases with embedded file objects to the local examiner's machine, where they appear as a local read-only share. Currently the FDBC supports Microsoft Sharepoint; however, additional databases and database server platforms will be added over time.
The F-Response Email Connector (FEMLC) provides direct, read-only access to remote GMail, Yahoo! Mail, and IMAP based email data, making it appear as a read-only, locally attached share.
IEF Frontline is a revolutionary on-scene preview tool by Magnet Forensics designed for first responders and non-technical users looking to conduct a 'first look' of a suspect’s computer to qualify it for seizure, before it's handed over to a forensics team for further investigation. More information.
Download our FREE Whitepaper
See for yourself and request a FREE, 30-DAY TRIAL of IEF Frontline TODAY
IMPORTANT: Tableau firmware update TFU v7.01b is now available for download from the Tableau product support page: https://www.tableau.com/index.php?pageid=products&model=TSW-TFU.
IMPORTANT: Tableau firmware 7.01 may fail to update the Tableau T6es devices correctly. The update, once installed, may also leave the device in a state where it will no longer detect hard drives. Until Tableau can establish the cause and extent of the problem, please do NOT download and install the latest Tableau Firmware Update V7.01.
Guidance Software is pleased to announce EnCase Forensic Version 7.05.03 is now available. EnCase is constantly working to enhance our software solutions by improving functionality and adding new capabilities.
When a snapshot is taken of a machine on a wireless network, EnCase can now determine the IP address.
The Support Portal contains a list of version-to-version compatibility tables for all Guidance Software products at https://support.guidancesoftware.com/matrix
For complete details, please review the Release Notes.
EnCase Forensic 7.05.03 Setup - English
212 MB - ad761c234271ec33aca3bbe5e85d0b66
EnCase Forensic 7.05.03 Setup (x64) - English
261 MB - bff3d3fa5c311e3623fc5e60a932d0e6
EnCase Forensic SAFE-NAS 7d3 Setup - English
122 MB - 7c88a8815476de1a3c08ef01ba0c1aae
EnCase Forensic SAFE-NAS 7d3 Setup (x64) - English
121 MB - b3f0bd21a5d78cf895d6f1e95738671b
NSRL Hash Library in the EnCase 7 Format
This release newly presents device information within the Excel report.
Resolving rare decoding issues with:
UFED Phone Detective 1.1.9 includes information about new devices introduced in the previous UFED Touch and UFED Classic release.
The HTC Evo, Incredible and Desire, along with the Motorola Droid Razr, Razr Maxx and Milestone, are among the most popular and best-selling Android smartphones.
Until now, access to existing and deleted data was unavailable from locked HTC and Motorola devices. UFED is the first and only tool in the industry to enable physical and file system extractions, while bypassing pattern lock / password / PIN with USB debugging disabled.
40 million Samsung Galaxy SIII devices were sold in 2012, between its May release and the end of December, increasing your odds of coming across them. Using the UFED Ultimate you can perform physical extraction on locked Samsung Galaxy SIII and Galaxy Note II devices, with Cellebrite’s proprietary bootloaders.
Note: UFED Classic users – an update of the Samsung support package is required.
Update your UFED Physical Analyzer now to perform:
• Physical and file system extractions while bypassing simple and complex passcode
• Real-time decryption, decoding and simple passcode recovery
Supported devices: iPhone 3GS/4, iPod Touch 4G
Update your UFED now to perform:
• File system and logical extractions
Supported devices: iPhone 3GS/4/4S/5, iPad2/3/4/ mini, iPod Touch 4G/5G
Note: Update of the new EPR via the UFED Physical Analyzer is required.
In version 5.2, Belkasoft greatly improved Evidence Center 2013.
In addition, the new multi-threaded engine now allows background evidence processing, letting investigators interact with the tool while evidence is being collected. Background evidence collection greatly reduces waiting times, allowing specialists to analyze evidence that has already been discovered before the collection process is complete.
Another welcome addition in version 5.2 is support for QQ Messenger 2012 and Mail.RU Agent 5.7-6.0 instant messengers. More details on these new additions will follow soon.
Some mounting issues that appeared in the first builds of v.5.2 are now solved in the latest build 475, available on our site.
The complete list of planned enhancements is available here: http://forensic.belkasoft.com/en/roadmap_2013_Q1
For more information, visit http://forensic.belkasoft.com/en/
Law Technology Review recently tested and published an evaluation of EnCase Forensic v7.05. It's a positive review that shows that continued investment in EnCase product development is paying dividends.
Essentially it's an open renewal period for any and all expired F-Response dongles. In summary Dongle Amnesty is as follows:
F-Response renewals are open and available to all customers regardless of expiration. To qualify the renewal order must be placed on or before February 15, 2013 via our website or through one of our authorized resellers.
- New families are supported in WD, Samsung, Toshiba utilities.
- ROM writing and family identification have been added for Seagate F3 HDD.
- Password removing algorithm for HDD Hitachi-IBM-ARM has been improved.
- Forensic functions have been added!
- New implementation of methods of scanning for NTFS and HFS+ file systems.
- Export/import of “Raw recovery” and Grep reference books have been added.
Belkasoft Evidence Center undergoes constant maintenance, and Belkasoft spends a lot of effort evolving the product into a better tool. With this roadmap, it is sharing insight into what is going to be added to its flagship forensic suite in the course of Q1 2013. The updates will be FREE for all customers with a non-expired subscription to its Support and Maintenance package.
What to Expect from Belkasoft During the First Quarter 2013
Belkasoft plans to greatly improve Belkasoft Evidence Center by adding the ability to take volatile memory snapshots with a stand-alone tool, delivering the ability to share collected evidence between investigators at no charge, and introducing a free stand-alone tool for extracting information from public Facebook profiles. The tool's general performance will be greatly improved by adding support for parallel multi-tasking, enabling simultaneous use of multiple cores available in today's CPU's. With these updates, you can expect Belkasoft Evidence Center to discover more evidence in significantly less time.
January 18, 2013: Belkasoft Evidence Center 2013 v. 5.2
Updated core engine: concurrent multitasking in multi-CPU and multiple core environments;
Multi-tasking support: reduced time waste with the ability to perform lengthy operations (e.g. disk scan) in background.
Multi-tasking support: the ability to scan multiple disks at the same time.
Support for two popular local instant messengers.
Version 5.3 (Release date TBD):
Unallocated disk space carving: support for new types of evidence.
Portable tool: Belkasoft Live RAM Capturer.
Stand-alone tool: Belkasoft Facebook Profile Saver.
Major update (Release date TBD):
Belkasoft Evidence Reader to allow passing collected evidence in read-only mode free of charge.
Product customization: the ability to widely customize the behavior of Belkasoft Evidence Center using an extension mechanism.
The Complete Roadmap
The complete list of planned enhancements is available here: http://forensic.belkasoft.com/en/roadmap_2013_Q1.
For more information, visit http://forensic.belkasoft.com/en/.
You can review all your licenses for Belkasoft products, check validity periods for the licenses and customer support plans.
To learn what's new in the latest releases of Evidence Center, please attend one of our FREE bi-weekly webinars, delivered online.
Brett Shavers, a long-time F-Response user, announces that F-Response makes an appearance in his upcoming title, which appears to cover a number of timely and important topics.
F-Response has published a new Best Practices guide on the website covering the lessons learned.
What's new in this version of X-Ways:
This version of EnCase Forensic enables investigators to work with data sets earlier and faster in order to begin and close cases faster than ever before. Speed enhancements in the evidence processor have significantly reduced the processing time for both small and large data sets. Digital investigators can now rapidly process evidence files of virtually unlimited size, dramatically reducing case backlogs. With EnCase Forensic v7.05, investigators can uncover evidence up to nine times faster than previous versions using the greatly enhanced evidence processor.
Cellebrite invites its customers to TRADE-IN their UFED Classic for the new UFED Touch at a special price.
Cellebrite has released a maintenance version of iOS support package 4.2, resolving issues related to physical and file system extraction from devices running iOS versions older than 4.3. The new iOS support package 4.2 can be updated directly via UFED Physical Analyzer or downloaded from the Cellebrite website.