Forensic Focus (archived Mar 17, 2026)
Belkasoft CEO Yuri Gubanov discusses the company’s current line-up of products, how AI can be used in investigations, and the evolving challenges facing digital forensic investigators worldwide.
Yuri Gubanov is the Founder and CEO of Belkasoft, a digital forensics software company established in 2002. Under his leadership, Belkasoft has become a global leader in evidence acquisition and analysis, with its flagship platform, Belkasoft X, providing deep artifact parsing, cross-platform support, and all-in-one DFIR capabilities to investigators in more than 130 countries.
It’s been about a decade since your last interview with Forensic Focus. Bring us up to date with what you and Belkasoft have been doing!
It really has been a while! I remember that interview—I made a conscious effort to make it as entertaining as possible, because, you know, purely technical industry interviews can be difficult to read even if you are an interested reader.
Since then, I’ve gotten married, welcomed a daughter, relocated twice (spending the last few years living in Portugal), and in this interview I have to be a bit more serious, as the leader of a company that has grown significantly. I hope, though, that this interview won’t be a dull read.
That’s how ChatGPT sees me, doing Forensic Softwadment
Tell us more about the current line-up of products from Belkasoft.
Belkasoft currently offers two primary commercial products: Belkasoft X Forensic and Belkasoft X Corporate.
Belkasoft X Forensic enables law enforcement professionals to acquire and analyze data from a wide range of sources, including but not limited to: mobile phones and tablets, computers and laptops, cloud services, vehicles, drones and certain IoT devices.
What makes customers choose this tool is broad device coverage. You don’t need one tool for computer forensics, another one for mobiles, and a third for clouds—one single license and, more importantly, a single interface covers them all.
Users also love the extensive artifact support—with thousands of app types analyzed out of the box, investigators don’t have to dive into SQLite databases or hex viewers to extract meaningful evidence. Apps are supported across multiple versions—some dating back to 1997! And believe me, we still receive requests to parse ICQ 98b or Skype version 2!
In the screenshot: Belkasoft X uses AI to group similar faces and to search for a specific face.
It’s also important to highlight that we continue to offer favorable licensing terms for law enforcement. Unlike many competitors, our forensic product license remains perpetual—the software doesn’t stop working if a renewal is not purchased.
Last but not least, customers appreciate the affordable price of Belkasoft X Forensic, which is often significantly lower than comparable tools.
Belkasoft X Corporate includes all the capabilities of X Forensic but adds features tailored to corporate incident response. These include remote acquisition (for both mobile and computer devices), support for YARA and Sigma rules, an Incident Investigations module focused specifically on cyberattack artifacts, and more.
Private sector companies appreciate the tool for its versatility: while it provides all the necessary functions for conducting forensic investigations, the additional features enable cyber incident response all within the same familiar interface.
The Incident Investigations tab of Belkasoft X Corporate displays artifacts grouped by Persistence, Execution, Remote connections, and other types of evidence related to a cyber incident.
Beyond Belkasoft X, we recently introduced a new product: BelkaGPT Hub. In short, it is a technology designed to significantly accelerate on-premise Artificial Intelligence processing. This is especially important for our customers who can’t use online (cloud-based) AI services—which, in fact, represents the majority of Belkasoft users.
What new challenges are investigators facing and how is Belkasoft responding to their needs?
I wouldn’t say the challenges are entirely new. Over the past decade, investigators have consistently faced the same problems: overwhelming data volumes, encryption, cloud complexity, and difficulties acquiring modern devices.
What has changed is the rapid rise of AI. Cybercriminals are now using AI to automate tasks that previously required manual effort. At the same time, AI can—and should—help investigators automate their own routine processes.
This is exactly where BelkaGPT comes in. BelkaGPT is our fully offline AI assistant designed specifically for digital forensics. It helps investigators with a wide range of routine tasks: audio-to-text, video-to-text, image description and classification, language translation, summarization of communications and documents, and much more.
On top of that, BelkaGPT is built into Belkasoft X and presented through a familiar Q&A interface that everyone knows from online services like ChatGPT.
BelkaGPT delivers some pretty amazing functionality, despite being completely offline. You can ask case-related questions, and it will provide a concise summary along with references to 3–10 relevant artifacts—not only text, but also audio, video, and images.
In the screenshot: I asked BelkaGPT about the presence of storage locations in my case. One of the relevant referenced artifacts was an audio file—and its contents were in Portuguese!
We’ve invested significant effort in minimizing hallucinations and making it easy for users to verify every referenced artifact. Beyond that, we place strong emphasis on evidentiary defensibility. BelkaGPT makes artifacts used to generate replies traceable to their original sources to support courtroom scrutiny. In digital forensics, speed matters—but reproducibility and transparency matter more.
BelkaGPT has recently gained the ability to maintain context within the current Q&A conversation (“topic”), bringing it even closer to leading online AI systems—while remaining entirely offline.
Above, I have mentioned BelkaGPT Hub. This is a complementary technology that allows you to offload the AI-related tasks to a separate computer or even to distribute them across multiple computers. This enables BelkaGPT to support multi-user setups and helps our customers save money by allowing them to reuse existing horsepower (e.g., password-breaking GPU servers) instead of purchasing expensive GPU cards for every investigative workstation.
For those interested in a deeper look at our top-notch AI technology designed specifically for digital forensics, I invite you to watch my recent webinar:
What training and certification does Belkasoft provide?
Belkasoft offers a broad range of training options. We provide in-person certification courses, including our 3- and 4-day BelkaCE program, as well as online and on-demand courses.
We also offer a Training Pass that includes up to nine courses at a discounted rate.
Additionally, we conduct a “Train the Trainer” program for partners and resellers—with the next session taking place in a paradise place of Phuket Island.
Who wouldn’t want to be trained in a location like that?
Belkasoft training is not only about learning product features. It is about understanding methodology, limitations, and defensible workflows. Every program contains a wealth of domain knowledge that’s useful even if you’re not using Belkasoft tools.
What advice would you have for digital forensic investigators new to Belkasoft products?
Belkasoft products are designed to be intuitive and easy to use. Earlier in my career, I lectured at a university and taught a course on software usability (UX), and that background strongly influences how we design our products.
That said, some aspects of digital forensics are inherently complex—such as hex-level analysis, SQLite transactional files, or interpreting peculiar system artifacts. For that reason, I strongly recommend investing in an on-demand course or pursuing full Belkasoft certification. It also provides valuable CPE credits.
Our courses and built-in tutorials are especially helpful for investigators transitioning from other tools. The artifacts may be the same, but the layout and workflow differ. Spending a few hours on structured training eliminates confusion and ensures you use your Belkasoft tool effectively rather than trying to force it to behave like a competitor’s product.
Finally, how can we best use AI to help in digital forensic investigations?
That’s a great question.
AI is still relatively new in digital forensics, and the industry is actively discussing its proper use. I recommend reading the work of my friend Hans Henseler, which was partly inspired by a LinkedIn discussion involving my other friend, Alexis Brignoni, and me.
It’s tempting to ask AI to “analyze everything and generate a full report.” However, the current architecture of large language models is not designed to produce fully reliable, court-ready results from such broad instructions. I’m skeptical that incremental improvements to LLMs alone will change that—it may require a fundamentally different approach in designing AI. Automation bias is a real risk. Investigators must resist the temptation to treat AI output as a conclusion.
Where AI truly excels is in assisting with routine and time-consuming tasks. It can extract text from video, saving hours or even days. It can understand multilingual communication. It can enable more flexible semantic searches beyond simple keywords or regular expressions. For example, when searching for drug-related content, you don’t need to manually supply every possible slang term—that knowledge is already built in. The screenshot below shows a detailed BelkaGPT response demonstrating its familiarity with relevant slang terminology. Isn’t this impressive?
I had no idea what Durban Poison was before asking that question. Ironically, an investigator born in Durban explained the response to me after my presentation on AI in Hong Kong. Jokes aside: do you see that “poison” was spelled incorrectly as “poision”? This is what would prevent your typical keyword search from finding the match, even if you added the term to your dictionary. But a typo doesn’t stop AI!
At Belkasoft, we design AI with one principle in mind: BelkaGPT is your assistant, not your replacement. Your work does not end with AI output—it begins there!
My advice would be:
0. Select an AI solution specifically designed for DFIR.
General-purpose models won’t work out of the box in this domain. Adapting AI to digital forensics is not about fine-tuning a model for a few weeks. It requires deep alignment with artifact structures, evidentiary logic, reporting standards, and courtroom expectations. This level of domain adaptation takes years—not months. We invested more than two years adapting and refining our AI specifically for digital forensics, and if you choose to build your own solution from scratch, you will most likely need to invest a comparable amount of time to achieve a similar level of domain readiness.
1. Learn both the capabilities and the limitations of your chosen AI.
If this is our BelkaGPT, we offer an excellent course that covers every aspect of the technology and provides you with exercises to help you use it efficiently.
2. Consider AI output as a lead, not a conclusion.
3. Always verify results—in BelkaGPT, this is as simple as clicking the referenced artifact.
4. Understand what is deterministic and what is not. For example, in BelkaGPT, referenced artifacts remain consistent if you repeat the same question.
5. Be cautious with responses like “nothing found.” It might indicate that an artifact is unsupported by your AI tool or missed for some other reason.
6. Recognize that some tasks are faster to complete manually than to ask AI and then verify its results. It makes sense to create a practical cheat sheet identifying where AI truly saves time.
There is much more to say on this topic, but for the sake of brevity, I’ll stop here. I encourage investigators to pursue structured AI training and to follow respected industry voices who continue advancing this important discussion.