Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Recently, we participated in BEC 2017 and BelkaImager Early Access Program. Many of you are familiar with BEC, but what about BelkaImager? It is a new imaging tool from Belkasoft capable of acquisitions of drives, mobile devices and even Cloud data. Today we are going to test it and show you how to image a flash drive and an iPhone with it.
BelkaImager is a standalone tool: you don’t have to install it – all you need is unpack the archive with the executable file .exe and store it on a flash drive.
After starting the tool, you’ll see the following screen:
Let’s start from imaging our flash drive by choosing the Drive icon. We chose Physical drive, as you can see, and our flash drive is \\.\PHYSICALDRIVE3. We decided to create a raw image with SHA-1 checksum:
After clicking Next, the imaging process started:
When the process was finished, we received the following message:
As a result, we received a raw (dd) image that can be easily parsed with any computer forensic suite.
Later on, we decided to image an iPhone. Now you should choose a Mobile device icon. Here is the list of available devices:
There is nothing to choose here, except for image path, as you can see, so we chose G:\iPhone. Click Next:
The tool is performing logical acquisition via iTunes backup. It should be noted that there are some tips for Android acquisitions on the window.
Finally, the backing up process was finished and, again, we had the following message:
As you can see, the tool is really easy to use. It’s still in a developing stage, so we highly recommend you to participate in Early Access program. We hope that you will try Cloud acquisition yourself and share the results with us!
Igor Mikhaylov
Interests: Computer, Cell Phone & Chip-Off Forensics
Oleg Skulkin
Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics
Excellent tool, i had the opportunity to test the trial version and is too intuitive, the only detail i’d like is, the Android Backup file (.ab) be saved in RAW or E00 format, because is more standarized and is more defendible in court. Thanks
Please enter the result of the calculation above.
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now