Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
View: Full Article @ The Seattle Times
Kind of defeats the whole point of secure encryption, don't it
Well, say, someone is arrested in your neighborhood, for molesting a child, wouldn't you like the police to have this device to get all relevant information out of his computer?
I would bet it's not just plugging it in.
We know nothing relevant about the technical side of this, there might be a hardware RSA key or something you would need to activate it?
I bet the developers of this device are smarter than we all could think.
They're not smarter than I am, which means the only thing keeping everyone else safe is my integrity.
That would be fine, EXCEPT that I can't vouch for all of the other "smarter than they are" people in the world.
And therein lies the problem with such a device getting into the wild.
QED
Yet Neowin's title is "Microsoft Gives Police Keys To Unlock Vista Security"
I love how you spin it.
In the whole article, there is not a single word about Vista and the poster still tries his luck with flaming MS and Vista.
For a site like Neowin, this is unacceptable. Please either fix the title or delete this whole news report.
I guess I may have read too much into a developing story: http://blog.seattletimes.nwsource.com/tech...fee_device.html . Who knows where this will lead, though?
The trick remains that MS are giving police a quick way to get at encrypted aspects of your Vista computer. However they want to spin it, that is the case. And it means that the title is accurate.
Last edited by James7 on 30 Apr 2008 - 09:22
In my line of work we often need to bypass the security in Windows, search through mass amounts of data and computer history and more. The tools we use do everything and more than Microsoft's package, which it is providing to law enforcement agencies, and many of our tools have similar clones which can be found online if you know where to look.
It's safe to assume that anyone using the package provided by Microsoft will also have access to the tools I have, and if that is the case then this changes nothing. Your data is never safe.
I can tell you right now from my own experiences: No matter what you do, if the data exists somewhere, in some form, it can be extracted and can be analysed; it only takes time.
Anyone who expects privacy from the security provided with Windows is sadly very mistaken.
You should be less worried about Microsoft and more worried about your civil rights.
A tip from me: if you have data that you need to hide or secure, destroy it. If you can't do that, find a drive and use low level hardware encryption.
I love the way you call vista "pista".
Shows how mature you are.
I like ****sta.
Among other things, they have to have PHYSICAL ACCESS to the PC; it's not like they're taking these USB drives home and hacking into your PC to pry on your private life of 4chan, Neowin and MSN logs
Grab your tinfoil hat james!
I may be wrong but I was under the impression you could use this USB to hook up to a computer that is already running and so analyse the RAM (which would of course be lost with a reboot).
"It's basically a thumb drive that is like a Swiss army knife for law enforcement officials that are investigating computer crimes. If you're a law enforcement official and let's say you have access to a computer that might be used, for example, by a child predator, a lot of times they have information on their hard disk that's encrypted, and you've got that information off in order to have a successful investigation and prosecution.
"In the past, people would have to literally unplug the computer, they would lose whatever was in RAM. They'd have to transport it somewhere else, and it would take at least four hours, often more to get at the heart of the information."
The device can get that job done in as little as 20 minutes, Smith said.
"With this tool, they can just plug it into the computer, wherever it's located. They don't have to turn off the power. It has over 150 different technology tools that law enforcement officers can use to analyze data, to get access to passwords, to obtain the information typically that people need to successfully prosecute a crime."
Source: http://blog.seattletimes.nwsource.com/tech...fee_device.html
Actually, come to think of it, this sounds exactly like a backdoor to be honest. We downplay the significance of this matter at our peril. Just imagine what criminals could do with these tools, say, modified for use in spyware or whatever. This is not exactly 'security', where you can just plug in a USB and take over someone's computer. This must mean that Windows Vista is coded to be 'open' and 'receptive' to these tools, if it drops all security the moment such a USB is inserted. This is scary, to me at least.
Last edited by James7 on 30 Apr 2008 - 12:40
BTW, you do realize that every "BUILTIN\administrator" SID in Windows is 500, right? Given the average user using administrator, and many not being disabled even if they don't use it, there is a lot less security around than most people think.
grrr...the reply is to the wrong level, should have been to:
"Actually, come to think of it, this sounds exactly like a backdoor to be honest..."
"There are no American infidels in Baghdad. Never!"
"There are no infidel backdoors in Windows! Over my dead body!"
I liked when the general was asked about the Tanks with US flags on them behind him, he said, 'no worry, they have come to surrender'.
Anyway, this was also mentioned in xp about a little back door only savvy people knew about and m$ were told about it then they realized they were tumbled and patched it.
well, they have been distributing these for almost a year from what i can tell from some Norwegian sources.
I would guess that this device isn't easy to copy/re-produce.
Microsoft would have some serious lawsuits on them if this device was "just software on usb stick", and someone copied it and put it out there.
Have some faith in Microsoft.
Your post is pure speculation btw, using words like "guess", "would have/if", "from what I can tell", and worst of all "faith".
I would have faith until I remember that the smartest cryptographers in the world don't work at MS.
There is nothing they can encrypt that others can't encrypt and duplicate.
The Chinese, in particular, have shown themselves to be VERY adept at doing just that...bypassing milspec and dod level security measures.
It's called industrial espionage and MS just made their lives a hell of a lot more convenient.
Of course it's speculation, I never made any statement that would suggest otherwise?
I'm just saying that we should not underestimate Microsoft.
never trust a cop ever
On this topic
http://www.neowin.net/forum/index.php?show...#entry589365095
Yeah, that makes you a better person, wanting to hang/kill someone... NOT.
I still don't see why they don't take the PC like they've always done. Now, the cops have to be concerned with the handling of such a small device so as to not lose cases in court. Anyone can simply say "prove to me the thumb drive was empty before you transferred my data to it, prove the device was sealed in an evidence bag and all handling of the bag was tracked."
One would think it would be easier and safer evidence control to grab the PC.
What if the RIAA gets a hold of this, are you going to say I'm not doing anything illegal?
In the eyes of the RIAA all you have to do is rip a song to mp3, and you are guilty of a crime.
If the RIAA gets one or a bunch of clones of these, all they would have to do is paste a link here on the forum that said free mp3s.
When you visit their site they have you in their net; using the COFEE they examine your computer to see if you have more MP3s, and when they find them that will be all they need to sue you for damages.
Personally this ****es me off that Microsoft would create such a back door
1. ONLINE as in the computer is on when running the tool, not online internet-wise. It runs in realtime on the computer, before shutting it down and taking it back to the lab.
2. Online doesn't mean they can use it remotely.....
3. The RIAA would have no business using this technology. If they were caught using it they'd be in a shitload of trouble, because that means that someone leaked it to them AND they are not authorized to use it.
4. As I stated in a later reply, if you don't do anything wrong, what do you have to worry?
I've said it once and I'll say it again. If you do nothing illegal, what's the problem with tools like this that "invade your privacy?"
They offered it to the USA gov and they refused it, but Canada took it and I assume has been using it ever since..
Called CETS - http://arstechnica.com/news.ars/post/20080...child-porn.html
Somebody has to catch the "Pete Townshends" in this world (he got convicted for child porn)
I mention this cause I doubt most people in Canada know about this
and for some reason Canadians seem to think everything is legal (when it comes to downloading)
oh noes 5.0 gotz teh usb thumb drive.. quick hide under the bed !!!111ONE
i alwayz knewz teh Mikrosoftz w3re stealingz meh memegahurtz
From Wikipedia, it states that after searching 14 of his computers they didn't find anything. The post even states:
A later investigator stated that he was "falsely accused".[16] After obtaining copies of the Landslide hard drives and tracing Townshend's actions, investigative journalist Duncan Campbell wrote in PC Pro Magazine, "Under pressure of the media filming of the raid, Townshend appears to have confessed to something he didn't do." Campbell states that their entire evidence against Townshend was that he accessed a single site among the Landslide offerings which was not connected with child pornography.
Just hate to see an innocent person get a bum rap like that.