Difference between pages "Write Blockers" and "Belkasoft"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (added EPOS WriteProtector)
 
m (small updates)
 
Line 1: Line 1:
'''Write blockers''' are devices that allow acquisition of information on a [[hard drive|drive]] without creating the possibility of accidentally damaging the drive contents. They do this by allowing read commands to pass but by blocking write commands, hence their name.
+
'''About Belkasoft'''
  
There are two ways to build a write-blocker: the blocker can allow all commands to pass from the computer to the drive except for those that are on a particular list. Alternatively, the blocker can specifically block the write commands and let everything else through.
+
Belkasoft is a computer and mobile phone forensic software manufacturer since 2002. The company develops a range of forensic products aimed at law enforcement officials, investigators and experts in IT security and intelligence. The company delivers solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate
  
Write blockers may also include drive protection which will limit the speed of a drive attached to the blocker. Drives that run at higher speed work harder(the head moves back and forth more often due to read errors). This added protection could allow drives that can not be read at high speed (UDMA modes) to be read at the slower modes (PIO).
+
'''Products'''
  
There are two types of write blockers, Native and Tailgate. A Native device uses the same interface on for both in and out, for example a IDE to IDE write block. A Tailgate device uses one interface for one side and a different one for the other, for example a Firewire to SATA write block.  
+
The company’s flagship product is '''Belkasoft Evidence Center''', an all-in-one solution for searching, analysing, managing and sharing digital evidence discovered on suspects’ hard drives and RAM. Supported types of evidence include information found in instant messenger logs, internet browser histories, mailboxes of popular email clients, social network remnants, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files, mobile backups and system files. Belkasoft Evidence Center is available in four major editions: Chat Analyzer, Chat & Social Analyzer, Professional, and Ultimate. The fifth Enterprise edition brings in centralized evidence processing with server-based operation and user-level permission management. A Portable edition requiring no installation and running off a USB pen drive is also available.
  
Steve Bress and Mark Menz invented hard drive write blocking (US Patent 6,813,682).  
+
'''Belkasoft Forgery Detection''' offers the ability to discover digital pictures that were altered, modified or otherwise manipulated. The tool applies a range of image analysis algorithms and a decisive neural network to produce a single numeric estimate of images’ authenticity.
  
There are both hardware and software write blockers. Some software write blockers are designed for a specific operating system. One designed for Windows will not work on Linux. Most hardware write blockers are software independent.  
+
In addition to commercial products, Belkasoft offers a range of free forensic tools.
  
= Hardware Write Blockers =
+
'''Belkasoft Facebook Profile Saver''' captures information publicly available in Facebook profiles. This small utility is designed for computer forensic and security specialists who need to automate the downloading of Facebook pages to their local computers. A local copy of public Facebook pages may be required for performing investigations and/or presented as court evidence.
  
'''Hardware write blockers''' can be either [[IDE]]-to-IDE or [[Firewire]]/[[USB]]-to-IDE. Simson prefers the IDE-to-IDE because they deal better with errors on the drive and make it easier to access special information that is only accessible over the IDE interface. You may feel differently.
+
'''Belkasoft Live RAM Capturer''' is a tiny free forensic tool to reliably extract the entire content of the computer's volatile memory - even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available in order to minimize the tool's footprint as much as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with any forensic tool including Live RAM Analysis in Belkasoft Evidence Center.
  
NIST test results are here: http://www.nist.gov/itl/ssd/cs/cftt/cftt-hardware-write-block.cfm
+
'''Belkasoft Evidence Reader''' enables Evidence Center users to share evidence collected with the main suite. Users of Evidence Reader can access evidence collected during an investigation from any computer, even if Belkasoft Evidence Center is not installed on that PC.
  
== Commercial ==
+
'''Customer Base'''
  
; [[ICS Drive Lock]]
+
Belkasoft customers include government and private organizations in more than 60 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.
: http://www.ics-iq.com/Super-DriveLock-Write-Blocker-Write-Protector-p/f.gr-0028-0000.htm
+
  
; MyKey Technology, Inc. NoWrite FPU and FlashBlock II
+
'''Credentials'''
: 1.8"/2.5"/3.5"/ IDE to IDE, FireWire/USB to IDE & SATA, all media types - NIST Ver. 2 accepted 
+
: http://www.mykeytech.com/
+
  
; [[Tableau]] write blockers for IDE, SATA, SCSI, USB  NIST Ver. 1 accepted
+
Belkasoft D-U-N-S number is 683524694.
: http://www.tableau.com/index.php?pageid=products
+
Belkasoft NATO Commercial and Government Entity (NCAGE, also CAGE) code is SKF09.
 +
Belkasoft is also registered within Central Contractor Registration (CCR), ORCA and WAWF.
 +
Belkasoft is a registered trademark.
  
; WiebeTech write-blockers for almost any disk drive: 2.5"/3.5" IDE, SCSI, SATA, ...
+
== External Links ==
: http://wiebetech.com/home.php?home=5  NIST Ver. 1 accepted
+
* [http://belkasoft.com/ Official website]
  
; EPOS WriteProtector
 
; http://www.epos.ua/view.php/en/products_epos_write_protector
 
  
= Software Write Blockers =
+
[[Category:Vendors]]
 
+
'''Software write blockers''' can be either tailored to an individual operating system or can be an independent boot disk. Their main upsides are with ease of use, since they are on a CD and do not require you to open up the case, and speed since they do not become a bottle neck.
+
 
+
== Commercial ==
+
 
+
; [[SAFE Block XP]]
+
: SAFE Block XP is a software-based write blocker designed for the Windows XP Operating System. It comes in both 32 and 64 bit options. NIST Ver. 1.2 accepted
+
: http://www.forensicsoft.com/
+
 
+
; [[MacForensicsLab Write Controller]]
+
: MacForensicsLab Write Controller is a software-based write blocker designed for the Mac OS X operating system.  It runs on both 32 and 64 bit versions of Mac OS X 10.4 or later.
+
: http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=product_info&cPath=1&products_id=339
+
 
+
[[Category:Disk Imaging]]
+

Latest revision as of 09:21, 8 June 2014

About Belkasoft

Belkasoft is a computer and mobile phone forensic software manufacturer since 2002. The company develops a range of forensic products aimed at law enforcement officials, investigators and experts in IT security and intelligence. The company delivers solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate

Products

The company’s flagship product is Belkasoft Evidence Center, an all-in-one solution for searching, analysing, managing and sharing digital evidence discovered on suspects’ hard drives and RAM. Supported types of evidence include information found in instant messenger logs, internet browser histories, mailboxes of popular email clients, social network remnants, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files, mobile backups and system files. Belkasoft Evidence Center is available in four major editions: Chat Analyzer, Chat & Social Analyzer, Professional, and Ultimate. The fifth Enterprise edition brings in centralized evidence processing with server-based operation and user-level permission management. A Portable edition requiring no installation and running off a USB pen drive is also available.

Belkasoft Forgery Detection offers the ability to discover digital pictures that were altered, modified or otherwise manipulated. The tool applies a range of image analysis algorithms and a decisive neural network to produce a single numeric estimate of images’ authenticity.

In addition to commercial products, Belkasoft offers a range of free forensic tools.

Belkasoft Facebook Profile Saver captures information publicly available in Facebook profiles. This small utility is designed for computer forensic and security specialists who need to automate the downloading of Facebook pages to their local computers. A local copy of public Facebook pages may be required for performing investigations and/or presented as court evidence.

Belkasoft Live RAM Capturer is a tiny free forensic tool to reliably extract the entire content of the computer's volatile memory - even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available in order to minimize the tool's footprint as much as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with any forensic tool including Live RAM Analysis in Belkasoft Evidence Center.

Belkasoft Evidence Reader enables Evidence Center users to share evidence collected with the main suite. Users of Evidence Reader can access evidence collected during an investigation from any computer, even if Belkasoft Evidence Center is not installed on that PC.

Customer Base

Belkasoft customers include government and private organizations in more than 60 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.

Credentials

Belkasoft D-U-N-S number is 683524694. Belkasoft NATO Commercial and Government Entity (NCAGE, also CAGE) code is SKF09. Belkasoft is also registered within Central Contractor Registration (CCR), ORCA and WAWF. Belkasoft is a registered trademark.

External Links