Virtual Forensic Computing (VFC)

MD5 LTD are the creators of this world-renowned software which was originally created in 2005 as an in house tool then released to the forensic community in 2007. VFC enables Digital Forensic Investigators to view a suspect’s machine in its native environment and is ‘an essential tool’ in every Computer Forensic Investigator’s toolbox. Therefore, VFC can be found in the majority of Law Enforcement and Government agencies and Corporate Digital Forensics organisations around the world.

This “must have tool” effortlessly virtualises a suspect’s computer either from the original evidence drive, a forensic image or a DD Image. Crucially for the Investigator the process never alters the original evidence, allowing the process to be repeated as and when required.

The latest version, VFC 4, proving to be a more powerful faster version, therefore, this new next-generation product contains a number of new features, enhancements and improvements which were all suggestions by our valuable customers.

VFC utilises the freely available VMware Player or Workstation and works in conjunction with any Computer Forensics disk mount tool such as FTK Imager; which recreates a suspect’s machine in a matter of seconds!

We use VFC in every computer investigation as part of our standard operating procedure.

Features & Benefits

  • Work directly from a DD image, a write-blocked physical drive or a mounted E01 file.
  • Support for Windows 3.1 – Windows 10.
  • Additional support for Apple Mac OSX, Linux and SunSolaris platforms.
  • Support for parsing partitions on GPT formatted disks.
  • Bypass Windows User Account passwords in seconds.
  • Rewind a subject machine back in time utilising restore point forensics from VSS Shadow Copies.
  • Add in additional hardware to load external or multiple drives into an existing VM to then rebuild a suspect’s machine as last viewed by them.
  • Generate a Standalone VFC Virtual Machine which enables sharing with non-technical departments.
  • Identify recent files and activity from jump lists, internet history and P2P software.
  • Use screen-grabbed images to help explain technical evidence plus enhance reports to avoid unnecessary verbal description.
  • Run scripts and/or install software on the guest system (VM).
  • View database software e.g. Sage and QuickBooks in its native environment allowing you to export spreadsheets, reports and/or files.
  • Use inherent P2P software to view active downloads or seeded files.
  • Retrieve plain-text passwords from browser caches to help access additional password-protected exhibits.
  • Use on-system encryption tools to remove encryption from linked exhibits.
  • Check for the presence of Cleaning software or Anti-Virus software and identify auto-run schedules and up-to-date virus definitions.

Shop VFC

If you require a quote or any further information please contact


Download VFC3

Download VFC4

VFC Demo Video

VFC has become an essential tool in our forensic investigator's toolkit. It provides investigators an insight into the suspect's perspective by actually seeing the user's desktop, settings and user environment. Screen captures from the suspect's ‎environment add significant weight to the forensic report when describing how the suspect utilized the computer to facilitate the crime. VFC is truly a tool that I rely upon and use in all my computer investigations!

  • Crown Commercial Service Supplier
  • XERA iConect
  • NEWA 2017
  • VFC4
  • Cyber Essentials Plus Certified
  • MSAB Logo
  • Cellbrite Logo
  • Sherlock Oxygen Forensics
  • XRY