Microsoft device helps police pluck evidence from cyberscene

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

View: Full Article @ The Seattle Times


47 Comments


(naap51stang said @ #8)
Wondering how long til the source code shows up on the-pirate-bay website in 3...2...1...

Well, they have been distributing these for almost a year from what I can tell from some Norwegian sources.

I would guess that this device isn't easy to copy/re-produce.

Microsoft would have some serious lawsuits on them if this device was "just software on usb stick", and someone copied it and put it out there.

Have some faith in Microsoft.

(morphen said @ #8.1)
Have some faith in Microsoft.



Your post is pure speculation btw, using words like "guess", "would have/if", "from what I can tell", and worst of all "faith".

I would have faith until I remember that the smartest cryptographers in the world don't work at MS.

There is nothing they can encrypt that others can't encrypt and duplicate.

The Chinese, in particular, have shown themselves to be VERY adept at doing just that...bypassing milspec and dod level security measures.

It's called industrial espionage and MS just made their lives a hell of a lot more convenient.

(excalpius said @ #8.2)


Your post is pure speculation btw, using words like "guess", "would have/if", "from what I can tell", and worst of all "faith".

I would have faith until I remember that the smartest cryptographers in the world don't work at MS.

There is nothing they can encrypt that others can't encrypt and duplicate.

The Chinese, in particular, have shown themselves to be VERY adept at doing just that...bypassing milspec and dod level security measures.

It's called industrial espionage and MS just made their lives a hell of a lot more convenient.

Of course it's speculation, I never made any statement that would suggest otherwise?

I'm just saying that we should not underestimate Microsoft.

While it's not a real deal with us citizen, it's a big trouble with foreign countries, cause it can be used by spies.

Where in the article does it say anything about bypassing security? It sounds like a bunch of tools that just do crap like pull saved passwords.

(Apple-a-Day said @ #14)
Started getting calls on this today... Anything to cut down on Child Porn... may they all hang from "piece"

Yeah, that makes you a better person, wanting to hang/kill someone... NOT.

I laugh at how they give it an acronym name. It's just a f*ckin' thumb drive for Christ sake!!

I still don't see why they don't take the PC like they've always done. Now, the cops have to be concerned with the handling of such a small device so as to not lose cases in court. Anyone can simply say "prove to me the thumb drive was empty before you transferred my data to it, prove the device was sealed in an evidence bag and all handling of the bag was tracked."

One would think it would be easier and safer evidence control to grab the PC.

It's called the Online Forensic Evidence Extractor which sounds to me like some kind of hack tool.
What if the RIAA gets a hold of this are you going to say I'm not doing anything Illegal?
In the eyes of the RIAA all you have to do is rip a song to mp3, and you are guilty of a crime.
If the RIAA gets one or a bunch of clones of these all they would have to do is paste a link here on the forum that said free mp3s.
when you visit their site they have you in their net using the COFEE they examine your computer to see if you have more MP3s, and when they find them that will be all they need to sue you for damages.

Personally this ****es me off that Microsoft would create such a back door

(fr33k said @ #19)
It's called the Online Forensic Evidence Extractor which sounds to me like some kind of hack tool.
What if the RIAA gets a hold of this are you going to say I'm not doing anything Illegal?
In the eyes of the RIAA all you have to do is rip a song to mp3, and you are guilty of a crime.
If the RIAA gets one or a bunch of clones of these all they would have to do is paste a link here on the forum that said free mp3s.
when you visit their site they have you in their net using the COFEE they examine your computer to see if you have more MP3s, and when they find them that will be all they need to sue you for damages.

Personally this ****es me off that Microsoft would create such a back door

ONLINE as in the computer is on when running the tool, not online internet-wise. It runs in realtime on the computer, before shutting it down and taking it back to the lab.

1. It's not a back door...
2. Online doesn't mean they can use it remotely.....
3. The RIAA would have no business using this technology. If they were caught using it they'd be in a ****load of trouble, because that means that someone leaked it to them AND they are not authorized to use it.
4. As I stated in a later reply, if you don't do anything wrong, what do you have to worry?

What I don't get is WHY do people care??? You think the police are just gonna come into your house unwarranted and want to look through your computer? If they come in and want to use this, they're damn sure gonna have a warrant.... and if they have a warrant, you must have done something VERY bad......

I've said it once and I'll say it again. If you do nothing illegal, what's the problem with tools like this that "invade your privacy?"

sounds like that P2P system they designed for spying on people that MS designed
they offered it to the USA gov and they refused it but Canada took it and
I assume has been using it ever since..
called CETS - http://arstechnica.com/news.ars/post/20080...child-porn.html

somebody has to catch the "Pete Townsend's" in this world (he got convicted for child porn)

I mention this cause I doubt most people in Canada know about this
and for some reason Canadians seem to think everything is legal (when it comes to downloading)

oh noes 5.0 gotz teh usb thumb drive.. quick hide under the bed !!!111ONE

i alwayz knewz teh Mikrosoftz w3re stealingz meh memegahurtz

somebody has to catch the "Pete Townsend's" in this world (he got convicted for child porn)

From Wikipedia it states that after searching 14 of his computers they didn't find anything. The post even states:

A later investigator stated that he was "falsely accused".[16] After obtaining copies of the Landslide hard drives and tracing Townshend's actions, investigative journalist Duncan Campbell wrote in PC Pro Magazine, "Under pressure of the media filming of the raid, Townshend appears to have confessed to something he didn't do." Campbell states that their entire evidence against Townshend was that he accessed a single site among the Landslide offerings which was not connected with child pornography.

Just hate to see an innocent person get a bum rap like that.
