Belkasoft Triage (Belkasoft T) is a free digital forensic and incident response (DFIR) tool designed for rapid on-site analysis of Windows machines. It is ideal for investigators and first responders who need to quickly identify and extract specific digital evidence without conducting full forensic examinations. Belkasoft T is portable, easy to use, and compatible with Belkasoft X for deeper analysis.

Features

• Portable & Installation-Free:
  • Launch directly from a thumb drive without installation.
• Fast Detection:
  • Identifies presence of specific data such as Skype profiles, Outlook mailboxes, and more within minutes.
• Artifact Coverage:
  • Detects over 1500 types of computer, mobile, and cloud artifacts including emails, chats, browsers, system settings, virtual machines, memory files, and mobile backups.
• RAM Acquisition:
  • Automatically acquires RAM dumps from Windows computers.
• Skin Tone Detection:
  • Analyzes images for skin tone presence.
• Hash Set Alerts:
  • Calculates file hash values and alerts on known hashes.
• Selective Export:
  • Export discovered results partially or entirely.
  • Select specific evidence to include in the resulting image.
• Analysis Control:
  • Stop analysis at any time once sufficient data is collected.
• Belkasoft X Compatibility:
  • Exported images are readable by Belkasoft X and other forensic tools.

Benefits

• Rapid Response:
  • Enables quick decision-making during time-sensitive investigations.
• User-Friendly:
  • Designed for both technical and non-technical users with easy configuration.
• Cost-Effective:
  • Free to use, making advanced forensic triage accessible to all investigators.
• Flexible Deployment:
  • Can be used in field conditions without prior setup.
• Comprehensive Evidence Collection:
  • Covers a wide range of digital artifacts for initial case assessment.
• Integration Ready:
  • Seamlessly integrates with Belkasoft X for deeper forensic analysis.