VFC v7 features a streamlined workflow making it simpler to progress from forensic image to virtual machine but still allows the experienced user to perform a detailed exploration of the mounted image.
VFC v7 now supports non-bootable single volume images. These are images that contain a complete file system but lack components removed found in a whole disk image. VFC v7 can now emulate seamlessly the missing components and allow such images to be converted to a bootable virtual machine.
Virtualising a single volume image involves setting up a virtual environment where the contents of the single volume image can be accessed and interacted with as if it were a physical storage volume. A virtual machine provides a controlled and isolated environment to work with the contents of the image, making it easier to analyse and manipulate the data without affecting the original image.
VFC does all this for you which makes it an invaluable tool that can be used for various purposes such as Cyber\Digital Forensic testing, development and analysis.
This is particularly useful for images that were captured as a single volume or where an image has been converted from another volume based format such as a device that is TPM(TCM) encrypted or “BitLocker&rdquo, “VeraCrypt”, or any supported image format that can be converted in this way.
Using VFC to Virtualise a TPM, BitLocker or VeraCrypt encrypted single volume image enables controlled access and analysis of the decrypted data without modifying the original image
VFC enables a Cyber\Digital\Incident Response Investigator to follow the best practices of maintaining the integrity of the digital evidence with confidence and ensures that a proper chain of custody is maintained throughout the analysis process.
(Please note VFC does not support L01 logical images. These do not contain file system information and cannot be converted to a bootable virtual machine.)
Microsoft's S Mode, is a secure and streamlined version of the Windows 10 operating system designed to enhance security, performance, and reliability for specific devices, particularly lower-cost and education-focused devices. The "S" in S Mode stands for "Security, Streamlined, and Superior Performance."
VFC enables the system to operate like a standard operating system without the controls and security restrictions of S-Mode.
This very powerful feature allows you to inject third party analysis software into a VM while VFC is generating it. Whether you are a Cyber Forensic; Digital Forensic; Incident Response Investigator you will have your favourite suite of tools to aid and carry out analysis of a device in your enquiries, using this feature you can use the generated VM to get the answers more efficiently and effectively in the field or in the lab.
Being able to quickly triage a computer device on scene or in the Lab can prove vital prioritising items can save time and an organisation money. When conducting on scene triage, you want to be in and out as quickly as possible, while collecting sufficient evidence to warrant bringing the device back to the lab or even decide it does not meet the case parameters. VFC triage allows you quick and safe access to the device, within 30 seconds of selecting the partition, you will be able to view the VFC Triage log that can provide you with the following:
