The undisputed leader in computer forensics is Magnet Axiom
. The program not only gradually develops, but also includes functional entire segments: examination of mobile devices, data extraction from cloud storages, examination of devices running MacOS, etc. The program has user-friendly and functional interface that can be used for investigations related to the computers or mobile devices security.
The analogue of Magnet AXIOM is Belkasoft Evidence Center
. Belkasoft Evidence Center allows to extract and analyze data from mobile devices, cloud storages and hard drives. The program allows, during examination of hard drives, to detect encrypted files and partitions, extract files by a specified extension, data from web-browsers, chats and information about cloud services, geolocation data, e-mails, social networks and payment systems data, thumbnails, system files, system logs, etc. It has flexible customizable functionality for deleted data extraction.
Advantages of the program:
- a wide range of artifacts that can be extracted from various data storages;
- decent built-in SQLite database viewer;
- data collection from remote computers and servers;
- integrated functionality of checking detected files via VirusTotal.
The basic configuration of the program has a moderate price. Other modules that extend the functionality of Belkasoft Evidence Center can be purchased separately. In addition to the basic configuration, it is strongly recommended to buy the "File Systems" module, without which it is not convenient to work with the examined data storages.
As for disadvantages of the program: the interface of the program is not user-friendly and it is not obvious how to conduct separate actions. It takes training how to use the program to work in it efficiently.
The main Belkasoft Evidence Center window that shows the statistics of the forensic artifacts detected during examination of a specific device: