VFC Lab – VFC gives a new dynamic to the way an investigator works on an investigation VFC Lab puts the investigator “in the room” with the suspect, providing invaluable access to software and data that cannot be easily found with a typical “dead box” examination. The investigator can now find evidence in its easiest format, just like the original user. Each device that is examined is different, and therefore, having quick and easy access to the original is second to none.

VFC has many features which make it one of the most powerful tools that a digital forensic investigator can use.

Once a drive or image is mounted, VFC will take minutes to create a VM, including bypassing the user account passwords, and injecting your preferred files.

This will also allow you to quickly triage a device without preforming a full triage analysis, within minutes of obtaining the device.

VFC is capable of virtualising from many different image types – including logical. On top of this, VFC is also able to virtualise write blocked drives.

VFC is safe to use. The VM is a sandbox environment that not only allows you to analyse the device, but also allows you to test and change things without any consequence.

VFC LAB features:

  • Password bypass and GPR – VFC is capable of bypassing all windows user accounts on all windows operating systems. VFC’s password bypass tool does as its name suggests and bypasses the windows user account passwords. VFC’s GPR tool resets the local user account password, as well as being able to convert windows live accounts to local accounts. With the aid of the GPR tool, you are able to view any saved autofill information in the browser history.
  • Standalone VM – our standalone VM feature allows you to provide evidence to a colleague, different department, or third party. The standalone is great for report purposes and court too. What sets the standalone VM apart from anything else is that it doesn’t require the original image or drive present in order for it to work.
  • Inject files – This feature allows you to lets you inject files into a VM while VFC creates the VM. This can be anything to aid with the analysis. For example, you could inject analysis tools to do a ‘live’ look at the device.  
  • Modify hardware - once a VM has been created, you can attach other images/drives so you can access these within the VM.
  • Triage – within 30 seconds of selecting the partition, you will be able to view the VFC Triage log. This lists the following:
          • Recently accessed files
          • Recent app
          • Recent URLS
          • Installed applications
          • Installed documents
          • Windows history
          • Chrome history
          • Windows links
          • List of previously connected USB devices
          • List of user accounts
          • Last user logged on
          • Last used date
  • Putting the time back – VFC is capable of creating a virtual machine with a desired date and time. Enabling you to access licensed software and applications in their license period.
  • VFC has scripts to enable you to seamlessly work with xways, encase and FTK.