VFC has become an essential tool in our forensic investigator's tool kit. It provides investigators an insight into the suspect's perspective by actually seeing the user's desktop, settings and user environment. Screen captures from the suspect's environment add significant weight to the forensic report when describing how the suspect utilized the computer to facilitate the crime. VFC is truly a tool that I rely upon and use in all my computer investigations!
Virtual Forensic Computing (VFC)
MD5 is regarded as one of the leading digital forensic solutions companies in the UK and is the creator of the world-renowned software Virtual Forensic Computing (VFC), which is used in every computer forensic investigation.
VFC is the most significant breakthrough in Computer Forensics within the last ten years. A ‘must have’ in every Computer Forensic Investigator’s toolbox.
VFC seamlessly and expeditiously re-creates a virtual crime scene from either the original evidence drive itself or the forensic copy of the suspect’s machine. The process normally takes less than a minute, including the password bypass routine. Crucially for the forensic investigator, the process never alters the original evidence and can be repeated at will.
The VFC application utilises VMware’s freely available Player or Workstation and Virtual Disk Development Kit (VDDK), along with image mounting tools such as FTK Imager, to re-create a subject machine in a matter of seconds.
The latest version of the software is VFC4, which has exciting new features.
VFC enables investigators to:
- Boot a forensic image of a suspect’s computer.
- Forensically launch a suspect machine in its native environment.
- Experience the ‘desktop’ as seen by the original user.
- Work from a DD Image or a mounted E01 File.
- Work directly from a physical, write-blocked hard drive.
Features + Benefits
- Bypass Windows user account password using at least 276 password bypass routines.
- Point-and-click option to add in additional hardware to load external or multiple drives into an existing VM (to rebuild the suspect machine as last viewed by them).
- Point-and-click generation of a standalone Virtual Machine for sharing with non-technical departments.
- Rewind a subject machine back in time utilising restore point forensics.
- Full technical support available.
- Support for Windows 3.1 – Windows 10.
- Additional support for Apple Mac OS X, Linux and Sun Solaris operating systems.
- Support for parsing partitions on GPT formatted disks.
- Support for Password Bypass routines when using a GPT formatted target disk.
- Heavy investment in R & D resulting in regular updates.
- Password bypass routines for Windows 7, Windows 8 and Windows 10.
- Larger GUI
- Check for auto-run cleaning software and up-to-date anti-virus.
- Use screen-grabbed images to help explain technical evidence.
- Use inherent software to view active downloads or open up and export spreadsheets from database programs such as Sage or QuickBooks.