Microsoft's COFEE forensics tool leaks online

By Tom Warren on November 9, 2009, 9:12 AM
Microsoft's secret Computer Online Forensic Evidence Extractor (COFEE) has leaked online, and is now available to all. COFEE is quick an easy to use tool, approximately 15MB in size that fits on a USB drive for law enforcement officials to use in PC forensics. It can be used to locate parts of a computer's hard drive used by criminals to commit identity theft, online fraud, child pornography and other such crimes.

The small program contains 150 commands which simplify and speed up the process of data retrieval. According to a Microsoft spokesperson "an officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device."

Read more at Neowin - These articles are brought to you in partnership with Neowin.net




User Comments: 7

Got something to say? Post a comment
Puiu Puiu said:

Since it only works on XP (for now) criminals should just switch to another OS (win7/vista/98/mac/linix) and they have the minimal protection against law enforcers. ^_^

treeski treeski said:

This is pretty cool. I had no idea that Microsoft worked on stuff like this.

abautu said:

Yes, like that's what you want: put an officer with minimal computer experience against a identity theft hacker. We need professionals to counteract professionals.

zaidpirwani said:

Puiu said:

Since it only works on XP (for now) criminals should just switch to another OS (win7/vista/98/mac/linix) and they have the minimal protection against law enforcers. ^_^

Maybe all criminals should start using Linux now...

Or even TrueCrypt to encrypt all their bad deeds, but I think all those who do these kind of things are well aware of this and will be 2 steps ahead always...

freedomthinker said:

i still don't really get what is this for ?

Timonius Timonius said:

'REAL criminals' would use linux or something similar anyways (Not xp,vista,7 or osx). And they would have high powered electro magnets at the ready just in case. Just sayin'...

Guest said:

The forensics comminuties have had tools like COFEE for some time. It is another wrapper which under the hood executes builtin OS commands and tools from sysinternals. It is created in a way that a non-technical law enforcement person can run it, very standardized so the impact to the target system is known. Many free tools actually do this better but require more technical understanding. For example, I didn't see that COFEE dumps the memory, pagefile or prefetch directories which all can contain important information, some other tools handle this.

http://praetorianprefect.com/archives/2009/11/more-cofee-ple
se-on-second-thought/

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.