VFC 5.2 And VFC Mount

Virtual Forensic Computing (VFC) was first launched to the digital forensic community in 2007. It is the original and still the go to virtualisation solution for the digital forensic investigator.

VFC makes it easy to create a Virtual Machine (VM) replica of a target system. This enables an investigator to recreate and interact with the “digital crime scene” without altering data on the original drive.

Built to follow accepted forensic practices VFC interrogates the target drive to gather relevant system information. From there it very quickly builds the specific VMware framework needed to create a forensically sound replica of the target system (the exhibit) as a VM. This process is automated by the VFC software to avoid Blue Screen of Death (BSOD) and driver errors, saving the user hours of manual diagnosis and repair.

VFC can virtualise Windows, Linux, Solaris, DOS & other OS platforms.

The VFC VM enables the user to navigate around the suspect’s desktop as if they had literally turned on their machine. This can be completed by working from forensic images (using mounting software such as VFC Mount) or can work directly from a write-blocked hard-drive.


Get The Latest DFIR News!

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

VFC MOUNT IS FREE!

The forensic disk image must be “mounted” to make it visible to both VFC and later VMware. Our latest release, VFC 5.2, includes VFC Mount (introduced in VFC 5). However, VFC Mount is now also available as a standalone tool that can be downloaded free from our website. VFC Mount has been designed for use with VFC and optimised to avoid common compatibility problems with VMware. Although VFC Mount is designed to work with VFC, it can also be used as your everyday mounting tool.

Find out more at vfc.uk.com/shopuk/vfcmount.php

BYPASSING PASSWORDS

Generic Password Reset (GPR) was introduced in VFC 5 and this allows the user to change or remove the password completely. A new feature of VFC 5.2 allows you to choose to remove passwords during the VM generation process. This means less steps are required to access the VM.

LIVE → LOCAL

Since VFC 5, users have been able to bypass passwords on live ID accounts. This was accomplished by creating an exploit using the generic password reset tool. This was performed once the VM was virtualised in VMware.

A brand-new feature introduced in VFC 5.2 is the ability to convert live ID accounts to local accounts during the VM generation process. WHY. This conversion takes place at the same time as the password removal. Again, saving you time during the investigation.

MOUNT AND EXPLORE

Mount and explore was a feature added to VFC 5.1. this allows you to mount and view a VM as a file system tree. This allows you to insert files in and copying files out of the VM without booting the VM. This is useful for injecting antivirus software to do an antivirus scan, and other specialist software. This is can also be performed using a command-line interface (CLI) for integration with other systems.

For Further information on both VFC 5.2 or VFC Mount contact Tom Cross at [email protected] our New VFC Sales Manager, or Telephone on 01924 22099, or visit our website VFC.UK.COM

Leave a Comment

Latest Videos

Magnet Forensics' Matt Suiche on the Rise of e-Crime and Info Stealers

Forensic Focus 12th January 2023 3:00 am

Just like your current holiday shopping for last minute presents a lot of the good stuff has gone off the shelves already. You reach to the back and find the toy nobody really wanted but it’s the thought that counts, you stare down at Si and Desi’s Holiday Special 2022 podcast. 

Please join these two as they lament over the year that was, discuss all the things they didn’t do but promise they will do them next year, query whether putting a NAS in the storage of a roller door is a good idea, and finally arrive at what they’re looking forward to bringing you in the new year.

Show Notes:

Arduino PLC IDE - https://docs.arduino.cc/software/plc-ide
Mycroft Mark II (open source Alexa) - https://www.kickstarter.com/projects/aiforeveryone/mycroft-mark-ii-the-open-voice-assistant
Christa’s new blog - https://christammiller.com/
Si’s holiday reading - https://amzn.to/3iJyGrR
Desi’s holiday reading -  https://inteltechniques.com/
Strange event for the end of the year - https://www.reuters.com/world/europe/25-suspected-members-german-far-right-group-arrested-raids-prosecutors-office-2022-12-07/
Si’s wishful thinking - https://www.youtube.com/watch?v=GXnRgXclLd0
Si’s list to do before the EOY - https://intrepidcamera.co.uk/products/intrepid-4x5-camera
Desi’s list to do before EOY - https://www.wired.com/story/how-to-reset-your-phone-before-you-sell-it/
“Cleaning your office” - https://www.manfrotto.com/uk-en/vintage-collapsible-1-5-x-2-1m-ink-sage-ll-lb5720/
Conference recorder - https://amzn.to/3UBmre5
Desi’s blog - https://www.hardlyadequate.com/

Just like your current holiday shopping for last minute presents a lot of the good stuff has gone off the shelves already. You reach to the back and find the toy nobody really wanted but it’s the thought that counts, you stare down at Si and Desi’s Holiday Special 2022 podcast.

Please join these two as they lament over the year that was, discuss all the things they didn’t do but promise they will do them next year, query whether putting a NAS in the storage of a roller door is a good idea, and finally arrive at what they’re looking forward to bringing you in the new year.

Show Notes:

Arduino PLC IDE - https://docs.arduino.cc/software/plc-ide
Mycroft Mark II (open source Alexa) - https://www.kickstarter.com/projects/aiforeveryone/mycroft-mark-ii-the-open-voice-assistant
Christa’s new blog - https://christammiller.com/
Si’s holiday reading - https://amzn.to/3iJyGrR
Desi’s holiday reading - https://inteltechniques.com/
Strange event for the end of the year - https://www.reuters.com/world/europe/25-suspected-members-german-far-right-group-arrested-raids-prosecutors-office-2022-12-07/
Si’s wishful thinking - https://www.youtube.com/watch?v=GXnRgXclLd0
Si’s list to do before the EOY - https://intrepidcamera.co.uk/products/intrepid-4x5-camera
Desi’s list to do before EOY - https://www.wired.com/story/how-to-reset-your-phone-before-you-sell-it/
“Cleaning your office” - https://www.manfrotto.com/uk-en/vintage-collapsible-1-5-x-2-1m-ink-sage-ll-lb5720/
Conference recorder - https://amzn.to/3UBmre5
Desi’s blog - https://www.hardlyadequate.com/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_BhrBg5_sAKo

Si and Desi Holiday Special 2022

Forensic Focus 16th December 2022 12:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...