VIRTUAL FORENSIC COMPUTING 7 (VFC7)

by MD5
Home » Computer Forensics » Software » Virtual Forensic Computing 7 (VFC7)

Announcing the new Virtual Forensic Computing 7 (VFC7) by MD5

Product Code: AP-MD5-VFC

MD5 LogoRegarded as a leader in Digital Forensic Software development, MD5 has created a new version of its tried and tested Virtual Forensic Computing software suite. VFC version 7 (VFC7) includes some great new features, as requested by users. These enhanced features come alongside a faster, more powerful version of VFC.

What is new in Version 7

VFC v7 features a streamlined workflow making it simpler to progress from forensic image to virtual machine but still allows the experienced user to perform a detailed exploration of the mounted image.

 

    Features & Benefits

    • Bypass Windows User Account passwords using at least 276 password bypass routines.
    • Includes PassWord Bypass (PWB) Routines for Windows 7, Windows 8 & Windows 10.
    • The latest update* includes PWB routines for 42 variants of Windows 10 OS alone.
    • PWB routines now externalised from the main program for faster, independent updates.
    • PWB process expedited for quicker analysis and implementation.
    • User Account Password hashes are now always extracted to the splash screen.
    • These are also embedded in the VMX annotation.
    • The provision of password hashes enables the use of external hash-cracking tools to identify the original system-password (helps with programs that require EFS access.)
    • Point-and-click option to add in additional hardware to load external or multiple drives into an existing VM (to rebuild the suspect machine as last viewed by them.)
    • Point-and-click generation of a standalone Virtual Machine for sharing with non-technical departments.
    • Restore Point Forensics allows the user to ‘Rewind’ a VFC VM back in time.
    • Larger GUI and bigger splash screen on home tab.
    • Supports GPT formatted disks.
    • Support for Windows 3.1 – Windows 10.
    • Additional support for Linux and SunSolaris and others.
    • Heavy investment in R & D resulting in regular updates.
    • Full phone and email support.

    Single Volume Images

    VFC v7 now supports non-bootable single volume images. These are images that contain a complete file system but lack components removed found in a whole disk image. VFC v7 can now emulate seamlessly the missing components and allow such images to be converted to a bootable virtual machine.

    Virtualizing a single volume image involves setting up a virtual environment where the contents of the single volume image can be accessed and interacted with as if it were a physical storage volume. A virtual machine provides a controlled and isolated environment to work with the contents of the image, making it easier to analyze and manipulate the data without affecting the original image.

    VFC does all this for you which makes it an invaluable tool that can be used for various purposes such as Cyber\Digital Forensic testing, development and analysis.

    This is particularly useful for images that were captured as a single volume or where an image has been converted from another volume based format such as a device that is TPM(TCM) encrypted, “BitLocker” and “VeraCrypt” encrypted, or any supported image format that can be converted in this way.

    Using VFC to Virtualize a TPM, BitLocker or VeraCrypt encrypted single volume image enables controlled access and analysis of the decrypted data without modifying the original image

    VFC enables a Cyber\Digital\Incident Response Investigator to follow the best practices of maintaining the integrity of the digital evidence with confidence and ensures that a proper chain of custody is maintained throughout the analysis process.

    (Please note VFC does not support L01 logical images. These do not contain file system information and cannot be converted to a bootable virtual machine.)

    Access computers configured with S-Mode

    Windows S Mode is primarily used in specific environments where a more locked-down and controlled computing experience is desired. Here are some of the common scenarios where Windows S Mode is used:

    Education Sector: Windows S Mode is often used in educational institutions, such as schools and universities. Its streamlined nature and restriction to installing apps from the Microsoft Store can provide a more secure and controlled environment for students and educators.

    Enterprise and Business Environments: Some businesses may choose to use Windows S Mode on their devices to enhance security and manageability. The restricted app installation can help prevent the installation of unauthorized or potentially harmful software.

    Devices for General Consumers: In some cases, manufacturers may pre-install Windows in S Mode on certain devices targeted at general consumers. This is less common compared to the use in education and business sectors, but it provides a simplified and secure computing experience for individuals who do not need to install software from outside the Microsoft Store.

    VFC enables the system to operate like a standard operating system without the controls and security restrictions of S-Mode.

    Inject files

    This very powerful feature allows you to inject third party analysis software into a VM while VFC is generating it. Whether you are a Cyber Forensic; Digital Forensic; Incident Response Investigator you will have your favorite suite of tools to aid and carry out analysis of a device in your enquiries, using this feature you can use the generated VM to get the answers more efficiently and effectively in the field or in the lab.

    VFC Triage

    Being able to quickly triage a computer device on scene or in the Lab can prove vital prioritizing items can save time and an organization money. When conducting on scene triage, you want to be in and out as quickly as possible, while collecting sufficient evidence to warrant bringing the device back to the lab or even decide it does not meet the case parameters. VFC triage allows you quick and safe access to the device, within 30 seconds of selecting the partition, you will be able to view the VFC Triage log that can provide you with the following:

    • Recently accessed files
    • Recent app
    • Recent URLS
    • Installed applications
    • Installed documents
    • Windows history
    • Chrome history
    • Windows links
    • List of previously connected USB devices
    • List of user accounts
    • Last user logged on
    • Last used date

    Request a Quote


      If possible, please use a valid agency/company email.

      RCMP DMFT Program?


      This is necessary to quote accurate shipping costs.