A friend of mine Megan told me that she got an error message as below screenshot when trying to open a virtual machine on suspect's laptop.
She tried to take a guess but in vain. What's wrong with this virtual machine anyway???
Obviously it's an encrypted and restricted VM. Let's take a look at the default setting of "Access Control". As you could see that it's not encrypted.
We could set a password for encryption. Guess what? All files in this VM including the vmdks and vmx are all encrypted. As far as I know that there is no way to decrypt this VM!!!
Furthermore we could restrict the user to modify any settings or set a expire date of this VM.
Without password you could not open this encrypted VM. Let's take a look at it's vmx and you will know what's going on.
Unfortunately forensic tools may not be able to decrypt those encrypted files. Forensic examiners won't have any idea of what's inside this VM unless they got the password.