Microsoft's secret Computer Online Forensic Evidence Extractor (COFEE) has leaked online and is now available to all. COFEE is a forensics tool, approximately 15MB in size, that fits on a USB drive for law enforcement officials to use in PC forensics. According to Microsoft:
With COFEE, law enforcement agencies without on-the-scene computer forensics capabilities can now more easily, reliably, and cost-effectively collect volatile live evidence. An officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device. This enables the officer to take advantage of the same common digital forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer.
COFEE can be used to locate parts of a computer's hard drive that criminals could use for identity theft, online fraud, child pornography and other such crimes. It is designed to be quick and easy for law enforcement officials to use. The small program contains 150 commands which simplify and speed up the process of data retrieval. According to a Microsoft spokesperson, "an officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device."
COFEE requires Windows XP for configuration; however, it does have some Windows Vista support. According to company insiders, Microsoft is developing a new version of COFEE, to be released next year, that fully supports Windows Vista and Windows 7.

Image Credit: CNET news.com

Ya I agree, I can't find it anywhere
it's about 14MB in size, sound about right? (i.e. COFEE v1.1.2 Installer.msi ? )
Last edited by ThaCrip on 09 Nov 2009 - 13:02
Mr Tom... is it okay to post screenshots of this program? (If I get it working under Windows 7) ?
Explain.
/me facepalms
I'm sorry but 50TB of CP would get you life in prison and a needle in your arm in some countries/states. I don't know about you but I would rather a couple of million in you-dont-actually-have-to-pay-them fines versus a needle in my arm.
I know you think you're cool and all because you grabbed COFEE off TBP or whatever but you need a serious wake up call.
I do have the PDF though, which is the manual. I can give Tom a link to it later if he pleases for additional information and/or screenshots.
RTFA
Within the PDF manual, it mentions the investigator's machine, which can be XP and above, where the software is installed, and then the target machine, where the scan is performed from the USB drive - which must be Windows XP
Hardware: Pentium 4 or Above
512 MB RAM
USB 1.1 or higher
50MB free hard drive space
Software: Windows XP or Above
.NET Framework 3.5 or higher
USB Removable Device
Hardware: Minimum 1GB Device
Recommended 2GB or larger
File System: FAT32 File System is recommended
Target Machine
Hardware: USB Port Enabled
Software: Windows XP*
*Windows XP is currently the only supported operating system. It is possible that COFEE will work on additional operating systems, but these operating systems have not been tested, and are not supported.
Terrorists and criminals around the world will now rush to upgrade to Windows 7. What a marketing coup!
Or just use a version of Linux..
Or Mac OS X.
What if they wanted to, you know, do stuff with their computer?
I don't think they're that well funded.
Heh, in law enforcement I think it's more usually a case of half-trained college drop outs.
That being said, the more applications like this are released, the better for everyone. I could see something like this being used in education too, as there are a lot of students who are very adept at covering their tracks, not just criminals! Maybe the students are the criminals.....
BTW, this is 2 days old news
It's really of no benefit to anyone who is even remotely computer literate. Slashdot had links to the downloads a couple of days ago and Microsoft don't really care about distribution of it (nor do Interpol who have signed a deal with Microsoft for distribution of it). It's not a big deal.
http://www.interpol.int/public/ICPO/PressR...09/PR200937.asp
Interpol.int good enough for ya?
Like I said; nothing near top secret or super cool.
Lol, aren't we all.
Just to clarify; I agree COFEE is a fantastic step forward for computer crime (the less beat cops destroying evidence the better) but yeah this has no value for IT professionals or security hobbyists.
You would benefit a lot more from a Nessus home feed or Backtrack.
That's who it's aimed at, not every law enforcement official is all that computer savvy
Oh for sure I didn't mean to give an indication otherwise. I meant all the hub-bub by some of the people here about it is misplaced.
I'm pretty sure this was "Leaked" on purpose. "some" Vista support, and then it advertises to say that a new version is being released that supports Vista and Windows 7. Unless this was the new version, it's pretty good timing for M$ to "leak" an outdated version.
Man, "M$" bashers get more ridiculous every time.
They probably can't afford an 'S' key with all the shiny Apple Hardware they're buying (;
It isn't any hidden hooks into Windows and it's a piece of software that's been known about for a while. The only thing is it doesn't have general availability, which is hardly unusual.
Anyway, as others have indicated it doesn't appear to be very sophisticated at all.
(Sometimes I'm amazed by the lack of intelligence and basic reading ability by people posting on here - it really does amaze!)
A defense attorney would crucify an officer who did not understand the intricacies of the evidence he took.
BitLocker is provided by MS and this tool breaks it.
lol wat. Proof?
Wasn't that a blaxploitation classic starring Pam Grier?
http://praetorianprefect.com/archives/2009...second-thought/
It may not be the best tool, but it does work.