Belkasoft Remote Acquisition, also known as Belkasoft R, is a new digital forensic and incident response tool developed specifically for remote extraction of hard and removable drives, RAM, connected mobile devices, and even specific types of data. Belkasoft R will be useful in cases when an incident response analyst or a digital forensic investigator needs to gather evidence quickly and the devices in question are situated in geographically distributed locations.
Why use Belkasoft Remote Acquisition?
- With Belkasoft R, there is no longer need to interrupt an employees’ daily routine or draw excessive attention to your investigation.
- No more geographical challenges and expensive trips.
- No need in having trained specialists in all locations of your organization’s offices.
- Belkasoft R saves your time and money doing a forensically sound remote acquisitions: no more excessive costs and extra time for travels.
- Easy to deploy: You can set up agent deployment over your network with a few mouse clicks using various deployment methods, such as GPO (Group Policy Objects) or WMI (Windows Management Instrumentation).
- Support for various operating systems. Does your network comprise of both Windows and macOS computers? Belkasoft R supports both operating systems!
- Straightforward acquisition: Select one or more endpoints and then select what evidence to acquire: whether you need a hard drive, volatile memory, mobile device or even specific types of data such as documents or pictures.
- Mobile device support: Collect both iOS and Android mobile devices, located in other geographical areas!
- Support for various network configurations: Acquire endpoints from both local and global networks, including subnets behind routers, and access remote devices even on VPN.
- Quick partial acquisition: In a hurry? Selective extraction of specific artifact types helps to save time by acquiring only necessary files.
- Manage your network bandwidth with flexible scheduling. Belkasoft R allows you to specify acquisition time and upload time so that you can maintain your bandwidth load during working hours and schedule mass upload to occur during the night.
- Do you have a large network? Belkasoft R helps you to break-up your endpoints in multiple ways: by assigning them a name, group, location, and even a color, which can be used to manage various devices under your control. Easily edit or acquire endpoints from the same location or even by the same color!
How It Works
1) Deploy Agents:
– Deploy agents with GPO (Group Policy Objects), if you are an administrator of a Windows domain.
– Use WMI (Windows Management Instrumentation).
– Use simple deployment via USB thumb drive or even a network share.
– Windows and macOS are supported.
2) Schedule & Acquire:
– Specify which endpoints to acquire. Multiple endpoint acquisitions are supported.
– Choose whether to compress data.
– Schedule when to start an acquisition and when to upload acquired data to a central location.
– Your data is secured with SSL encryption.
– Images created by Belkasoft R are compatible with Belkasoft X. Analyze them with Belkasoft’s flagship DFIR tool!
– Investigate hacking and intrusions into Windows-based computers with the help of our Incident Investigations module.
– Get the most out of Belkasoft X with its powerful analytical features like Timeline, Connection Graph and Cross-Case Search.