First of all, download the Belkasoft Evidence Center
ultimate from this link.
Click on New Option to select the Raw Image.
Enter the Case Name.
Select the Root folder where
Forensic Evidence will be created.
Then type the name of the
investigator and Case Description. Click Ok.
Now select the Raw Image and Check the Option Analyze Data
Source. Click on Next.
Now Select from supported data types and click on Next.
Now Select all and Click on
Finish.
To
visualize the cached sites exactly as seen by the user, Click on Cache in
Browsers option
To see Downloaded file list, click on Downloaded Files.
To Check the List of Sites Visited by the user, select Sites
Option.
To see Cookie List, Click on Cookies Option.
Now
click on Documents option and Then Select Found Documents option to see all the
office Documents files found in user pc
To see all the encrypted files, click on Found Encrypted
files option. It will detect more
than 150 types of encrypted files. It is also possible to decrypt all these
encrypted files with in this product by installing Passware kit Forensic integrated with Belkasoft
Product.
To Find Picture List, Select Found Pictures in Pictures
Option. To Detect Forgery in Picture.
Right click on Picture, Select Analyze Pictures and Click on Detect
Forgery Tab.
To find the recent files opened by Acrobat Reader, Click on
Adobe Acrobat Reader Recent Option.
To
See Recent applications run by user, Click on Last Application and Paths in
NTUSER.DAT Option. NTUSER.DAT is a registry file in Windows Operating System
.Every user profile contains an NTUSER.DAT file. It contains a unique Documents Folder, Start
menu Configuration, Desktop properties and browsing history.
To see last Selected Files by the user, Click on Last
Selected Files.
To check the recent files opened by user, Click on Recent
files option.
To detect latest searches by the user, click on Searches
option.
To find the latest accessed files by the user , click on
Recently accessed documents.
0 comments:
Post a Comment