VFC (Virtual Forensic Computing)

View the digital crime scene in seconds

Launched in 2007, VFC is the leading virtualisation solution for the forensic investigator. VFC is used to create a virtual copy (VM) of a suspect computer:

Fast – VFC typically takes just a couple of minutes to produce a bootable VM
Safe – VFC is forensically safe and doesn’t modify original evidential data
Flexible – VFC supports common forensic image formats and write-blocked physical disks
Reliable – Based on over 10 years of research, contains support for numerous operating system and machine configurations and can produce a usable VM in > 95% of cases
Capable – VFC includes a built-in image mount tool and can bypass most Windows account passwords in seconds

VFC removes the guesswork from virtualisation and allows the investigator to concentrate on the investigation. It lets the investigator to quickly experience the computer environment just like the original user. This puts the investigator “in the room” with the suspect, providing invaluable access to software and data that cannot be easily found with a typical “dead box” examination.

In some cases, an experienced investigator can manually create a virtual machine from a forensic image. However, this can be time-consuming and error-prone task. VFC automates the process and applies over 10 years of acquired knowledge to fix numerous potential issues and quickly produce a compatible and stable virtual machine in seconds. VFC removes the guesswork from virtualisation and allows the investigator to concentrate on the investigation:

Reliably and quickly create a VM from either forensic image or write-blocked physical disk with just a few mouse clicks
Avoid common virtualisation errors due to BSOD and incompatible drivers
Avoid accidently changing original evidential material
Bypass Windows account passwords including Windows 8/10 “live” account passwords
Access encrypted disk data such as Bitlocker (requires recovery key or similar)
Experience the original user desktop and take screenshots or video of key evidence items for use in court:
- Original folder structure and desktop layout (as seen by the user)
- Recently accessed files and network shares
- Browsing history, saved passwords and P2P accounts
Interact with installed software in its native environment and access evidence that could otherwise be unavailable:
- View data using original software e.g. Sage, QuickBooks etc.
- Access data or online systems using original user credentials
- Access time-limited or expired software
Interact with original connected devices such as:
- iPhones (via iTunes accounts)
- Encrypted partitions or USB drives
Amend VM hardware to match the original hardware by adding additional disk/images, sound, USB or network support (disabled by default
Repair broken VMs following Windows System Restore or similar
Generate standalone VM for use by non-technical staff and other investigators
Heavy investment in R&D and regular updates

Part No:
AP-VFC-LE

REQUEST A QUOTE

First Name(required)

Last Name(required)

Email address(required)

Agency(required)

Phone Number

Street Address (required if requesting a quote)

City

State

Zip Code

What's the best way to contact you?

Phone

SKU/Part Number of Order
(If ordering different products, please list additional products below.)(required)

Quantity(required)

Further Questions / Product Listings

This field should be left blank

Please wait...