Imaging Drives and Mobile Devices with BelkaImager
Recently we participated in BEC 2017 and BelkaImager Early Access Program. Many of you are familiar with BEC, but what about BelkaImager? It is new imaging tool from Belkasoft capable of acquisitions of drives, mobile devices and even cloud. Today we are going to test it and show you how to image a flash drive and an iPhone with it.
BelkaImager as a standalone tool: you don’t have to install it, all you need is unpack the archive with the executable. It’s very important, because this way you can store it on a flash drive and it can always be with you.
After starting the tool you’ll see the following screen:
Let’s start from imaging our flash drive, choose “Drive” icon. We chose “Physical drive”, as you can see, our flash drive is \\.\PHYSICALDRIVE3. We decided to create a raw image with SHA-1 checksum:
After clicking “Next”, the imaging process had started:
When the process was finished, we got the corresponding message:
As a result, we got a raw (dd) image that can be parsed with any computer forensic suite without any problems.
Soon after we decided to image an iPhone. Now you should choose “Mobile device” icon. Here is the list of available devices:
There is nothing to choose here, except for image path, as you can see, we chose G:\iPhone. So just click “Next”:
The tool performing logical acquisition via iTunes backup. It should be noted that there are some tips for Android acquisitions on the window.
Finally the backing up process was finished and again – we had the corresponding message:
As you can see, the tool is really easy to use. It’s still in development, so we highly recommend you to participate in Early Access program. We hope that you will try cloud acquisition yourself and share the results with us!
About the authors:
Interests: Computer, Cell Phone & Chip-Off Forensics
Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics