Difference between pages "Plaso" and "Belkasoft"

From ForensicsWiki
{{Infobox_Software |
  name = plaso |
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
  genre = {{Analysis}} |
  license = {{APL}} |
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
}}

Plaso (''plaso langar að safna öllu'', Icelandic for "plaso wants to collect everything") is the Python-based back-end engine used by tools such as log2timeline to create super timelines automatically. The goal of log2timeline (and thus of plaso) is a single tool that parses the many log files and forensic artifacts found on computers and related systems, such as network equipment, and produces one correlated timeline. Forensic investigators and analysts can then work from that single timeline instead of from each artifact in isolation, which speeds up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended for super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].

The Plaso project site also provides [[4n6time]], formerly "l2t_Review", a cross-platform forensic tool for timeline creation and review by [[David Nides]].

== Supported Formats ==
The information below is based on version 1.1.0. Several of the file formats are containers (Bencode, ESE, OLE Compound File, plist, SQLite, Windows Registry); the sections after the file format list enumerate the specific content plaso extracts from each of them.

=== Storage Media Image File Formats ===
Storage media image file format support is provided by [[dfvfs]].

=== Volume System Formats ===
Volume system format support is provided by [[dfvfs]].

=== File System Formats ===
File system format support is provided by [[dfvfs]].

=== File formats ===
* Apple System Log (ASL)
* Basic Security Module (BSM)
* Bencode files
* [[Google Chrome|Chrome cache files]]
* CUPS IPP
* [[Extensible Storage Engine (ESE) Database File (EDB) format]] using [[libesedb]]
* Firefox Cache
* Java IDX
* Mac OS X Application Firewall
* Mac OS X Keychain
* Mac OS X Securityd
* Mac OS X Wifi
* ([[SleuthKit]]) mactime logs
* McAfee Anti-Virus Logs
* Microsoft [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
* [[OLE Compound File]] using [[libolecf]]
* [[Opera|Opera Browser history]]
* OpenXML
* Pcap files
* Popularity Contest log
* [[Property list (plist)|Property list (plist) format]] using [[binplist]]
* SELinux audit logs
* SkyDrive log and error log files
* [[SQLite database format]] using [[SQLite]]
* Symantec AV Corporate Edition and Endpoint Protection log
* Syslog
* UTMP
* UTMPX
* [[Windows Event Log (EVT)]] using [[libevt]]
* Windows Firewall
* Windows Job files (also known as "at jobs")
* Windows Prefetch files
* Windows Recycle Bin (INFO2 and $I/$R)
* [[Windows NT Registry File (REGF)]] using [[libregf]]
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]
* XChat and XChat scrollback files

=== Bencode file formats ===
* Transmission
* uTorrent

=== ESE database file formats ===
* Internet Explorer WebCache format

=== OLE Compound File formats ===
* Document summary information
* Summary information (top-level only)

=== Property list (plist) formats ===
* Airport
* Apple Account
* Bluetooth
* Install History
* iPod/iPhone
* Mac User
* Safari history
* Software Update
* Spotlight
* Spotlight Volume Information
* Time Machine

=== SQLite database file formats ===
* Android call logs
* Android SMS
* Chrome cookies
* [[Google Chrome|Chrome browsing and downloads history]]
* [[Mozilla Firefox|Firefox browsing and downloads history]]
* Google Drive
* Launch services quarantine events
* MacKeeper cache
* Mac OS X document versions
* Skype text conversations
* [[Zeitgeist|Zeitgeist activity database]]

=== [[Windows Registry]] formats ===
* [[Windows Application Compatibility|AppCompatCache]]
* CCleaner
* Less Frequently Used
* MountPoints2
* MRUList and MRUListEx (no shell item support)
* [[Internet Explorer|MSIE Zones]]
* Office MRU
* Outlook Search
* Run Keys
* Services
* Terminal Server MRU
* Typed URLs
* USBStor
* UserAssist
* WinRAR
* Windows version information
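The core idea behind plaso, normalising records from unrelated artifact formats into one event shape and sorting them into a single correlated timeline (and carving a targeted timeline out of it), can be shown in miniature. The following is an added example written for this page, not plaso's own code or API: it contains toy parsers for two formats on the list above, RFC 3164 syslog text and a SleuthKit bodyfile (the input mactime reads), merges their events into one UTC-ordered timeline and filters a ten-minute window around a pivot event. The sample log lines, the 2014 year and the UTC+2 host timezone are constructed assumptions, and the syslog year/timezone handling illustrates the real pitfall that syslog records carry neither.

```python
"""Toy super-timeline builder illustrating what plaso/log2timeline does.

Added example, not plaso's own code. Two parsers for formats on plaso's list
(syslog text and a SleuthKit bodyfile, the input mactime reads) normalise
records into one event shape; the events are merged into a single timeline
sorted by UTC time, and a filter then carves a targeted timeline out of it.
The sample lines and the host timezone/year are constructed assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Optional, Set


@dataclass(frozen=True, order=True)
class Event:
    timestamp: datetime   # tz-aware UTC, so events from different sources compare
    source: str           # parser that produced the event
    timestamp_desc: str   # which of the artifact's timestamps this is
    message: str


# RFC 3164 syslog lines carry neither a year nor a timezone: the analyst must
# supply both (plaso has the same requirement), which is a classic pitfall.
_SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<body>.*)$"
)


def parse_syslog(lines: Iterable[str], year: int, host_tz: timezone) -> List[Event]:
    events = []
    for line in lines:
        m = _SYSLOG_RE.match(line.rstrip("\n"))
        if not m:
            continue  # plaso would record a parse failure; the toy skips the line
        local = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        ).replace(tzinfo=host_tz)
        pid = f"[{m['pid']}]" if m["pid"] else ""
        events.append(Event(local.astimezone(timezone.utc), "syslog",
                            "Content Modification Time",
                            f"[{m['host']}] {m['proc']}{pid}: {m['body']}"))
    return events


# Bodyfile (TSK 3.x): MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime,
# times as epoch seconds (UTC). One row fans out into one event per set timestamp.
_BODYFILE_TIMES = ((7, "Last Access Time"), (8, "Content Modification Time"),
                   (9, "Metadata Modification Time"), (10, "Creation Time"))


def parse_bodyfile(lines: Iterable[str]) -> List[Event]:
    events = []
    for line in lines:
        fields = line.rstrip("\n").split("|")
        if len(fields) != 11:
            continue
        name, mode, size = fields[1], fields[3], fields[6]
        for idx, desc in _BODYFILE_TIMES:
            secs = int(fields[idx])
            if secs == 0:  # bodyfile convention: 0 means the timestamp is not set
                continue
            events.append(Event(datetime.fromtimestamp(secs, tz=timezone.utc),
                                "bodyfile", desc, f"{name} (mode {mode}, size {size})"))
    return events


def build_timeline(*event_lists: List[Event]) -> List[Event]:
    """Merge every parser's output into one chronologically ordered super timeline."""
    return sorted(e for events in event_lists for e in events)


def targeted_timeline(timeline: List[Event], pivot: datetime, window: timedelta,
                      sources: Optional[Set[str]] = None) -> List[Event]:
    """Events within +/- window of a pivot time, optionally limited to some sources."""
    lo, hi = pivot - window, pivot + window
    return [e for e in timeline
            if lo <= e.timestamp <= hi and (sources is None or e.source in sources)]


# Constructed sample input: a host logging in UTC+2 during 2014 (assumptions).
HOST_TZ = timezone(timedelta(hours=2))
SYSLOG_SAMPLE = [
    "Jun  7 08:00:00 web01 CRON[1111]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun  8 12:21:00 web01 sshd[2201]: Accepted publickey for deploy from 203.0.113.7 port 50112 ssh2",
    "Jun  8 12:23:30 web01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/vi /etc/cron.d/backup",
]
BODYFILE_SAMPLE = [
    "0|/bin/ls|1001|-rwxr-xr-x|0|0|110080|1402099200|1396310400|1396310400|0",
    "0|/etc/cron.d/backup|1310|-rw-r--r--|0|0|213|1402223100|1402223100|1402223100|0",
]


def demo() -> List[Event]:
    """Super timeline, then the targeted slice around the SSH login (10:21 UTC)."""
    timeline = build_timeline(parse_syslog(SYSLOG_SAMPLE, 2014, HOST_TZ),
                              parse_bodyfile(BODYFILE_SAMPLE))
    pivot = datetime(2014, 6, 8, 10, 21, tzinfo=timezone.utc)
    return targeted_timeline(timeline, pivot, timedelta(minutes=10))


if __name__ == "__main__":
    for e in demo():
        print(e.timestamp.isoformat(), e.source, e.timestamp_desc, e.message, sep="  ")
```

Run stand-alone, the script prints five events: the SSH login (12:21 host time, 10:21 UTC), the sudo invocation two and a half minutes later, and the three bodyfile timestamps of /etc/cron.d/backup at 10:25 UTC, while the unrelated /bin/ls and cron records from the day before fall outside the window. Getting the host timezone wrong would silently shift the syslog events two hours away from the file system evidence, which is why plaso asks for it explicitly.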
  
== History ==
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]], [[dfvfs]] and various other projects.

== See Also ==
* [[dfvfs]]
* [[log2timeline]]

== External Links ==
* [https://code.google.com/p/plaso/ Project site]
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
* [http://blog.kiddaland.net/ Project blog]
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]

Latest revision as of 10:21, 8 June 2014

'''About Belkasoft'''

Belkasoft has been a computer and mobile phone forensic software manufacturer since 2002. The company develops a range of forensic products aimed at law enforcement officials, investigators and experts in IT security and intelligence. The company delivers solutions that work out of the box, without requiring a steep learning curve or any specific skills to operate.

'''Products'''

The company's flagship product is '''Belkasoft Evidence Center''', an all-in-one solution for searching, analysing, managing and sharing digital evidence discovered on suspects' hard drives and RAM. Supported types of evidence include information found in instant messenger logs, internet browser histories, mailboxes of popular email clients, social network remnants, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files, mobile backups and system files. Belkasoft Evidence Center is available in four major editions: Chat Analyzer, Chat & Social Analyzer, Professional, and Ultimate. A fifth Enterprise edition adds centralized evidence processing with server-based operation and user-level permission management. A Portable edition that requires no installation and runs from a USB pen drive is also available.

'''Belkasoft Forgery Detection''' discovers digital pictures that were altered, modified or otherwise manipulated. The tool applies a range of image analysis algorithms and a neural network to produce a single numeric estimate of an image's authenticity.

In addition to its commercial products, Belkasoft offers a range of free forensic tools.

'''Belkasoft Facebook Profile Saver''' captures information publicly available in Facebook profiles. This small utility is designed for computer forensic and security specialists who need to automate downloading Facebook pages to their local computers. A local copy of public Facebook pages may be required for an investigation or presented as court evidence.

'''Belkasoft Live RAM Capturer''' is a small free forensic tool for extracting the entire content of a computer's volatile memory, even when it is protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available to keep the tool's footprint as small as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with any forensic tool, including Live RAM Analysis in Belkasoft Evidence Center.

'''Belkasoft Evidence Reader''' enables Evidence Center users to share evidence collected with the main suite. Users of Evidence Reader can access evidence collected during an investigation from any computer, even one on which Belkasoft Evidence Center is not installed.

'''Customer Base'''

Belkasoft customers include government and private organizations in more than 60 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.

'''Credentials'''

Belkasoft's D-U-N-S number is 683524694. Its NATO Commercial and Government Entity (NCAGE, also CAGE) code is SKF09. Belkasoft is also registered in Central Contractor Registration (CCR), ORCA and WAWF. Belkasoft is a registered trademark.

== External Links ==
* [http://belkasoft.com/ Official website]

[[Category:Vendors]]