Belkasoft Triage is a new digital forensic and incident response tool developed specifically for a quick analysis of a live computer and making a partial image of important data.

The product is designed to assist in situations when an investigator or a first responder is at the scene of incident and needs to quickly identify and obtain specific digital evidence stored on a Windows machine.

Why Belkasoft T?

• The product is user friendly enabling both experts and non-technical specialists to use it out of the box

• Belkasoft T is portable and can be started from a dongle

• In a matter of minutes, you will get the information of presence of data you are looking for, such as, for instance, Skype profile or Outlook mailbox

• Belkasoft T can be easily configured during operation and does not require special knowledge to set up

• Images acquired with Belkasoft T can be analyzed in Belkasoft X for a deeper insight into the content of the copied data

Key Features:

• Launch Belkasoft Triage from a dongle connected to a device being investigated

• Detection of 1500+ computer, mobile and cloud artifact types: mails, chats, browsers, system settings, and more 

• Automated acquisition of a computer RAM dump 

• Detect presence of virtual machines, memory files and mobile backups 

• Detect a skin tone in the discovered pictures 

• Calculate file hash values and show an immediate alert on files with known hashes 

• Stop the analysis at any time once you got enough information 

• Export discovered results partially or make a full export 

• Select evidence to be exported

How it Works?

• Run Belkasoft T from a dongle

• Select a folder or disk(s) ( Acquire RAM if required)

• Configure the triage process, including hash calculation and skin detection

• Start the analysis and review the data discovered

• Export selected data into a standart format readable by Belkasoft X as well as other forensic tools