Forensic Investigation of RAW Images using Belkasoft Evidence Center

First of all, download Belkasoft Evidence Center Ultimate from this link.


Click on the New option to select the raw image.


Enter the case name.
Select the root folder where the forensic evidence will be created.
Then type the name of the investigator and the case description. Click OK.


Now select the raw image and check the Analyze Data Source option. Click on Next.


Now select from the supported data types and click on Next.


Now select all and click on Finish.


To view the cached sites exactly as seen by the user, click on the Cache in Browsers option.


To see the list of downloaded files, click on Downloaded Files.



To check the list of sites visited by the user, select the Sites option.


To see the cookie list, click on the Cookies option.



Now click on the Documents option and then select the Found Documents option to see all the office document files found on the user's PC.


To see all the encrypted files, click on the Found Encrypted files option. It will detect more than 150 types of encrypted files. It is also possible to decrypt all these encrypted files within this product by installing Passware Kit Forensic, which integrates with the Belkasoft product.


To find the picture list, select Found Pictures in the Pictures option. To detect forgery in a picture, right-click on the picture, select Analyze Pictures and click on the Detect Forgery tab.


To find the recent files opened by Acrobat Reader, click on the Adobe Acrobat Reader Recent option.


To see the recent applications run by the user, click on the Last Application and Paths in NTUSER.DAT option. NTUSER.DAT is a registry file in the Windows operating system. Every user profile contains an NTUSER.DAT file. It contains a unique Documents folder, Start menu configuration, desktop properties and browsing history.


To see the last files selected by the user, click on Last Selected Files.


To check the recent files opened by the user, click on the Recent files option.


To detect the latest searches by the user, click on the Searches option.


To find the files most recently accessed by the user, click on Recently accessed documents.
