Why VFC ?

Here are just a few important possibilities for digital evaluation with VFC:

• Bypass Windows passwords and convert Windows Live accounts to local accounts
• Create a VM and start it up in seconds
• Create an independent digital copy that can be used in court (no data is changed on the PC to be examined)
• Check the affected PC system for malware (Trojans, malware, spyware, etc.)
• Start VFC from a boot stick to create an it-forensic image ( E01, DD, RAW, VHD, VHDx, etc. ) bypassing the Windows password

...and much more!

VFC enables the virtualization of Windows, Linux, Solaris and other operating system platforms.

The VFC VM allows the user to move around the suspect's desktop as if they had literally turned on their computer. This can be done by working with forensic images using the integrated mounting tool VFC Mount™ or directly from a read-only hard disk. Due to its simplicity, VFC enables it forensic and non-it forensic professionals to examine computers in a forensic manner, not in hours but in minutes!

VFC can also be used to help an investigator navigate incriminating and exculpatory data. It allows an investigator to visualize a suspect's desktop in a format that can be understood by anyone. This can either be done live in court, using a portable standalone clone of the virtual machine, or captured as still images for reports. This can be of great benefit in cases where even a non-technical person such as a judge, lay assessor or lawyer can understand and recognize the data.

Another very important feature for investigators to consider is the "Restore Point Forensics / Patch VM". This allows an investigator to "reset" a PC to a previous state in order to detect links that were stored on the PC in an earlier version of the machine, such as links to websites of dubious or criminal activity that have since been removed.