• Home
• La Empresa
• Forense Digital
• Recuperacion de Datos
• Seguridad Informatica
• Entrenamiento
• Noticias/News
• Contactenos
• eafit16
• emeaintelligence2012

• Productos Forense Digital
  • DIGITAL INTELLIGENCE
    • Forensic Hardware
      • Forensic Systems
        • Freddie
        • Fred sc
        • Fred And Fred DX
        • Fred SR
        • Fred l
        • Ufred
        • Fredm
      • Forensic Devices
        • Fannie
        • Super Chief
        • Rack A Tacc Decryption
        • Tacc1441 Acelerator
        • Forensic Duplicator
        • Hardcopy 3
        • Hardcopy 2
        • Shadow 2
      • Forensic Write Blockers
        • Ultrakit
        • UB Esata IDE /SATA (RO)
        • UB Esata IDE /SATA (RW)
        • Ultrablock SAS (RO)
        • Ultrablock IDE/SATA (RW)
        • Ultrablock SCSI (RO)
        • Firewire Write Blocker
        • USB Write Blocker
        • Forensic Media Card Reader
      • Accessories
        • Multidrive Adapter
        • Zif Adapter
        • 1.8" Hard Drive Enclosure
        • 2.5" USB3 Sata HD Enclosure
        • 3.5"/2.5" Hard Drive Enclosure
        • Modular Storage System
        • Forensic Archive And Restore
        • Microsata Adapter
        • SATA To IDE Adapter
        • IDE To SATA Adapter
        • USB3 PCIe Controller
        • USB3 External Hub
        • Expresscard USB3 Adapter
        • Expresscard Esata Adapter
        • Expresscard Firewire Adapter
        • 2.5" Laptop HD Adapter
        • 1.8"Laptop HD Adapter
        • Laptop HD Adapter Set
        • SCSI3 To SCSI2 Adapter
        • SCSI3 To SCA Adapter
        • SCSI Adapter Kit
        • Firefly/UB Power Supply Kit
        • Travel Plug Adapter
        • Sata Hard Drive Tray
        • IDE Hard Drive Tray
        • Firewire Cable 9-6 Pin
        • Firewire Cable 9-9 Pin
    • Forensic Software
      • DI Software
        • Drivespy
        • Image
        • Part
        • PD Block
        • PD Wipe
      • Accessdata
        • Forensic Toolkit 3.0
        • Pasword Recovery Toolkit
      • Guidance Software
        • Encase Forensic Edition
        • Encase Portable
      • Paraben Forensic Tools
        • Forensic Replicator
        • Chat Examiner
        • Network Email Examiner
        • Email Examiner
        • Device Seizure
      • Hot Papper Technology
        • Email Detective
      • Stepanet Datalifter
        • Forensicware Solution
        • V2.0 Whit File Extractor Pro
        • Net Bonus Tools
        • File Extractor Pro
    • Forensic Training
      • Computer Forensic With Fred
      • Encase Advanced
      • CFFAD
      • CFFXP
      • CFFEN
      • Mobile Devices Forensic
      • Farm
      • Cell Phone Analysis
      • Computer Forensic Essentials
      • Fire
    • Forensic Services
  • PASSWARE
    • Forensic Solutions
      • Passware Kit Forensic
      • Subscription
      • Encryption Analyzer
      • Search Index Examiner
  • PARABEN
    • Products
      • Enterprise Forensics
        • P2 Enterprise
        • P2 ShuttlePro
        • P2 Shuttle Free
      • Mobile Forensics
        • Device Seizure
        • Device Seizure Fiel Kit
        • Deployable Fiel Kit
        • DDS (Deployable Devices Seizure)
        • DS Box
        • Sim Card Seizure
        • Stronghold Bag
        • Stronghold Box
        • Project A Phone
      • Hard Drive Forensics
        • P2 Commander
        • Deployable P2 Commander
        • Email Examiner
        • Network Email Examiner
        • P2 Explorer Pro
        • Forensic Replicator
        • Chat Examiner
        • Passware Kit Forensic
        • Parabens Lockdown
      • Consumer Tools
        • Irecovery Stick
        • Porn Detection Stick
        • Chat Stick
        • Possport Stronghold
        • Simcon
      • Free Software
        • P2 Shuttle Free
        • P2 Explorer Free
        • Link2
      • Bundles
        • P2 Command Kit
        • Devices Seizure Command Kit
        • Device Seizure Fiel Kit
        • Handheld Training Bondle
        • Mobile Lab Kit
    • Services
      • Cell Phone Forensic Consulting
      • Computer Forensic Consulting
      • Expert Testimony
    • Training
      • Cell Phone Forensic Training (PCME)
        • Mobile Level1
        • Mobile Level 2
        • Mobile Level 3
        • PCme Certification
      • P2 Commander Training (PCFE)
        • INTO TO P2 COMMANDER LEVEL 1
        • ADVANCE P2 COMMANDER LEVEL 2
        • PCFE CERTIFICATION LEVEL 3
      • Training Centers
      • Free Webinars
  • MILLE2
    • Training Options
      • live online security training
      • classroom based
      • self paced CBTS
      • Study kits
      • Customized Training
      • Trainig Brochure
    • Courses
      • Back
      • wireless security
        • CWSEngineer
      • Course shedule
      • Course Pricing
      • Guaranteed To Run Classes
      • General Security
        • c) Isso
        • Cissp
        • Cap
        • Sans GSLC-C) SLO
        • Sans Top 20 Security Controls
        • Social Engeneering
        • Security Eseential
        • Security Essentias
        • Iscap
        • Cihe
      • Pen Testing Ethical Hacking
        • Pen Testing Boot Camp
        • C)PTE
        • C)PTC
        • C)PEH
        • Certifield Ethical Hacker
      • Digital Forensics
        • C)DFE-CHFI
      • Other Security Titles
        • ITILv3
        • CISA-info Sys Auditor
    • Secure Coding y Web Apps
      • Secure Web App Engineer
      • C) SCE
    • Disaster Recovery
  • TABLEAU
    • Products
      • Duplicators
      • Forensic Bidges
      • Modular Storage Sistems
      • Hardware Accelerators
      • Sotfware
      • Power Supplies
      • drive adapters
      • Acquisition Accessories
      • Cables y Cables Adapter
  • BELKASOFT
    • Products
      • Belkasoft Evidence Center
        • Features
        • Installation instruction
      • Belkasoft Forensic Studio
        • Features
      • Belkasoft Forensic im Analyzer
        • features
      • Belkasoft Forensic Carver
        • Features
      • Belkasoft Mail Analyzer
        • features
      • Belkasoft Browser Analyzer
        • analyzer
      • Belkasaoft Skype Analyzer
        • features
      • Belkasoft ICQ Analyzer
        • features
      • Belkasoft qq Analyzer
        • features
      • Belkasoft icq History Extractor
      • Belkasoft Popup Suppresser
      • Belkasoft Removex
  • SARC
    • About Steganography
    • Product
      • StegAlizerAS-Steganography Analyzer Artifact Scanner
      • StegAlizerSS-Steganography Analyzer Signature Scanner
      • StegAlizerRTS-Steganography Analyzer Real-Time Scanner
      • Steganography Detection Policy for fidelis XPS
      • Custom Steganalysis Solutions
    • Training
      • Certifield Steganography Examiner Training
  • MUSHROOM
    • Solutions
      • Enterprise
      • Small Business
      • Broadcasting
      • Internet Data Centers
      • School & NPOs
      • Apartments
      • LECs & ISPs
    • Product
      • Truffle 5201G
      • Truffle 6401
      • Porcini 4422
      • Portabella 2242
      • Portabella 141
      • Teleporter
      • Virtual Leased Line
      • Broadband Bonding Service
    • Technology
      • Overview
      • Truffle BBNA
  • X-WAYS
    • Producto
      • X-ways Forensics
      • X-ways Investigator
      • WinHex
      • X-ways Capture
      • X-ways Trace
      • Davory
      • X-ways Security
  • D-FLABS
    • Solutions & Products
      • PTK Forensics
      • Incman-Incident management Suite
      • Dflog-log Management
  • WETSTONE
    • Product
      • Advanced Threat Identification (ATI)
      • G-FLASH
      • Gargoyle Investigator Forensic Pro
      • Gargoyle Investigator Enterprise Module (GEM)
      • Gargoyle Investigator Windows Forensic Edition (G-FE)
      • ¡FOSSIL
      • Sovereign Time
      • Stego Suite
      • US-LATT
  • FERNICO
    • Product
      • Far ProX Blu-ray
        • Overview
        • Technical Data
        • Options
      • Far ProX DVD
        • Overview
        • Technical Data
        • Options
      • Far ProX Imager
        • Overview
        • Technical Data
        • Options
      • Far LE
        • Overview
        • Technical Data
        • Options
      • ZRT 2 HD
        • Overview
        • Software
        • Options
        • Accesories
        • Upgrade Form
      • ZRT 2
        • Overview
        • Software
        • Options
        • Accesories
        • Upgrade Form
      • ZRT 2 Accesories
      • ERT
        • Overview
        • Software
        • Options
      • Phone View
      • Tomtology
  • PROJECTPHONE
    • products
      • Overview
      • Screenview
      • Snap
      • ICD_5200
      • ICD-1300
  • ADF SOLUTIONS
    • Products
      • Triage-Examiner
      • Triage-Investigator
      • Triage-G2
      • ADF-Triage Kit
      • Technologies
        • Capture Pak
        • Searchpak
        • ActivitySensor
        • Visual Search
  • CLEARWELL
    • products
      • Identification & Collection
      • Processing Search & Analysis
      • Review & Production
      • Case Management & Reporting
      • Clearwell
  • COGNITECH
    • Product
      • TRI-Suite11
        • Video Investigator
        • VideoActive
        • AutoMeasure
      • Forensic Acquisition
      • Goverment Applications
      • PIXL2GPS
      • Video Mobile Desktop Resplacement Supercomputer
  • ELCOMSOFT
    • Products
      • Elcomsoft Password Recovery Bundle
      • Elcomsoft Wireless Security Auditor
      • Elcomsoft Distributed Password Recovery
      • Elcomsoft Internet Password Breaker
      • Advance Archive Password Recovery
      • Advance Office Password Recovery
      • Advance Office Password Breaker
      • Advance PDF Password Recovery
      • Advance SQL Password Recovery
      • Advance Wordperfect Office Password Recovery
      • Advance Lotus Password Recovery
      • Advance Intuit Password Recovery
      • Advance Sage Password Recovery
      • Advance Mailbox Password Recovery
      • Advance IM Password Recovery
      • Advance VBA Password Recovery
      • Lightning Hash Cracker
      • Elcomsoft Phone Password Breaker
      • Elcomsoft Wireless Security Auditor
      • Proactive Password Auditor
      • Proactive System Password Recovery
      • Advance EFS Data Recovery
  • ACRONIS
    • products
      • Acronis Backup & Recovery
      • Acronis® Backup & Recovery™ 10 Online
      • Acronis® Backup & Recovery™ 10
      • Advanced Server Virtual Edition
      • Server for Windows
      • Server for Linux
      • 10 Advanced Server SBS Edition
      • Advanced Workstation
      • Workstation
      • Disk Director 11 Advanced Server
      • Home & Home Office
    • Home And Home Office
      • True Image Home 2011
      • Home 2011 Netbook Edition
      • Disk Director® 11 Home
      • Backup and Security™ 2011
      • Online Backup
      • AntiVirus 2010
      • Drive Monitor™
      • Migrate Easy 7.0
  • ACE LABORATORY
  • DECISION GROUP
    • Product
      • E-Detective
      • Wireless-Detective
      • E-Detective Decoding Centre (EDDC)
      • HTTPS/SSL Network Packet Forencics Device
      • Voip-Detective
      • Network Investigation Toolkit (NIT)
      • Network Packet Forensics Analysis Training (NPFAT)
      • Forensics Investigation Toolkit (FIT)
  • DIGITAL ASSEMBLY
    • Product
  • DT SEARCH
    • Product
      • Desktop With Spider
      • Netwwork With Spider
      • Publish (Portable Media)
      • Web With Spider
      • Engine For Linux
      • Engine For Win & Net
  • MOBILEDIT
    • Product
      • MOBILedit
      • MOBILedit ForenSic
      • Cables Kit
      • Phone copiar
      • COM Components
      • SyncML Server
  • HOT PEPPER
    • Product
      • E-Mail Detective-Forensic Software Tool
      • eChat Locker
      • 9501 Iridium Pager
      • 9501 Iridium/sp-66k-Pager Utility
        • General
        • Service
        • Developer
      • 9501 Iridium Pager Programmer-PPS
      • 9501 Iridium Pager Message Notification
  • NETWITNESS
    • Product
      • Spectrum
      • Visualize
      • Live
      • Informer
      • Investigator
      • SiemLink
      • API/SDK
      • NextGen Infrastructure
      • Decoder
      • Concentrator & Brocker
      • Investigator Freeware
• Servicios Forense Digital

Belkasoft Forensic IM Analyzer Features

Search a seized drive for histories
There is a seized hard drive in your lab and you want to find all history files it may contain. You do not know which means of communication the suspect in question has been using. The product allows you to search the whole hard drive for all supported types of Instant Messengers:

•All drives or particular ones may be selected

•You can select a particular folder to search through

•Histories to be looked for may be limited to a particular type (e.g. Skype files only)

•You can search against a drive image such as an Encase image, SMART or a DD image

•It is possible to manually select a history to analyze
 
Analyze found histories
The product does all the analysis with two mouse clicks:

•No password required

•You do not have to be logged under a history owner

•No write access required. The product works with write-blocking devices

Explore extracted histories
The product shows extracted messages in a user-friendly form as follows:

Within the user interface you can:

•See all available histories and their extraction status

•See all contacts belonging to a profile

•See all conversations with a selected contact

•Sort by time, message direction, message text

•Apply filtering

•Search history. Do simple searches through history and advanced searches using file with a set of words to look for. Experienced users will undoubtedly take advantage of searching by regular expressions, which is ideal while searching for templates or phrases with fuzzy structure
 
Neverland State Police Case 

Retrieving deleted history
If some history was deleted by a user, chances are that part of it can still be found on the drive. In order to do it the product uses so-called 'carving' techniques which helps to retrieve deleted conversations.

The following features are supported:

•Carving FAT and NTFS drives

•Carving drives attached through write-blocking device

•Carving drive images (Encase, SMART or DD format)

•Live memory investigation (carving RAM image made in win32dd/win64dd or FTK Imager)

Note! This feature allows to retrieve conversations, deleted from a drive. It will not help you in case some history was never stored on that drive, except for RAM image carving.

Export history
After completing your investigation you need to export history of interest into a readable form. The product allows you to:

•Export history to plain text, HTML, XML and also to CSV format which is good for exploring data within powerful Microsoft Excel product

•Limit exported histories to selected dates and contacts

•Limit exported histories to selected chat messages

•Split huge histories into separate files, broken by contact

The report can be burned onto a CD and given away.

Instant Messengers supported
The following IMs are supported:

•ICQ (all versions from 97a to ICQ 7)
•Microsoft MSN/LiveMessenger
•Skype versions 2, 3, 4, 5 (including chatsync recovery)
•Yahoo! Messenger
•MySpace IM
•&RQ
•Miranda
•SIM
•QIP
•QIP Infium
•Google Hello
•Trillian
•QQ 2008 and earlier
•QQ 2009 and 2010 (Professional and Ultimate edition only)
See this link for details on retrieval QQ 2009/2010
•Digsby
•Rambler Virtus
•Mail.Ru Agent
•Pidgin
•AIM (search history files only)
Deleted history carving support (Ultimate edition only):

•Skype 3
•Skype 4, 5
•Digsby
•ICQ Lite
•ICQ 7
•Miranda IM
•Windows Live Messenger
•QIP Infium/2010
•SIM
•AIM
•Virtus
•Pidgin
•Trillian
•Mail.ru Agent 5
•Gajim
•Emesene
•Yahoo! Messenger
Live memory images carving (Ultimate edition only):

•AIM
•AIM Express
•ICQ 7
•Yahoo! Messenger
•Skype
•Gmail
•Windows Live Messenger
•Meebo
•Google Talk
•Facebook (personal messages)
•Vkontakte.ru (personal messages)
•e-Buddy
•YaOnline
Product editions
The product is available in a number of editions:

•Home - this edition is intended for home (individual) users. Organizations are not allowed to purchase this edition. Please note, that this is the most basic version of the product

•Standard - this edition is the basic version for organizational users

•Professional - this edition includes support for mounting drive images, extraction of Skype chatsync and QQ 2009/2010

•Ultimate - this edition includes support for carving (retrieving) leftover data of deleted Instant Messengers and data in live RAM. Please, note that this version is still Beta

•Intelligence - this edition is distributed as an executable file on a flash-drive which does not have to be installed on the target computer. This is useful for gathering information outside the forensic lab in an uncontrolled environment like an internet cafe. The edition is only available for police and law enforcement