Digital Forensics and Incident Response



Cyber Triage

Cyber Triage is automated digital forensics and incident response (DFIR) software that allows cybersecurity professionals like you to quickly answer intrusion questions related to:

  • Malware
  • Ransomware
  • Account Takeover

It uses host-based data, scoring, advanced analytics, and a recommendation engine to ensure your investigations are fast and comprehensive.

Belkasoft Remote Acquisition

Belkasoft Remote Acquisition (Belkasoft R) is a new digital forensic and incident response tool developed specifically for remote extraction of hard and removable drives, RAM, connected mobile devices, and even specific types of data. Belkasoft R will be useful in cases when an incident response analyst or a digital forensic investigator needs to gather evidence quickly and the devices in question are situated in geographically distributed locations.

Belkasoft Incident Investigations

The Incident Investigation module is designed to help users investigate hacking attempts against Windows-based computers. By analyzing numerous sources such as the registry, event logs, and memory dumps, it can find traces that are typical of the various tricks hackers use to penetrate a company's infrastructure. Belkasoft X looks at various artifacts located inside Amcache, Shimcache, Syscache, BAM/DAM, AppInit DLLs, changes of default file association, scheduled tasks, remote connections (RDP, Remote Connection, TeamViewer and others), startup tasks, browser extensions and so on; it detects suspicious connections and scripts. The results of the analysis are then presented in a separate Incident Investigation window, making it easy to separate suspicious activities from regular forensic artifacts.

E3 Remote Imager

E3 Remote Imager is a logical acquisition tool that can work with data in a remote location. The remote source can be in a different location, network, or cloud. E3 Remote Imager will detect a volume and acquire the data based on the user's selection. E3 Remote Imager provides flexible access to the evidence you need, anywhere you have a network connection. This allows for the rapid collection of potentially changing information in the event of an ongoing breach, and ensures speed and efficiency when collecting evidence in a more traditional forensic investigation.