Microsoft issues takedown for leaked COFEE software

By Justin Mann on November 25, 2009, 7:00 PM
Microsoft faced a bit of embarrassment earlier this month when their COFEE forensics tool leaked onto the Web. The collection of programs and scripts is given to law enforcement to make PC forensics easy, and while it's composed of readily-available tools, it is still considered to be a proprietary package.

Redmond has now issued legal threats to anyone who made the tool available for download, but it may be too late to avoid circulation. COFEE was listed on various torrent networks and other locations on the Internet. This move is likely a reflection of Microsoft's anti-piracy agenda more than an effort to prevent distribution. They reinforced their legal threats with requests to hosting companies to pull sites which mirrored the files involved.

At least one site, Cryptome, has already been taken down, and most sites will probably comply with the request voluntarily. The damage has already been done, and new versions of the tool are already in development, which will make the leaked version obsolete.




User Comments: 24

Got something to say? Post a comment
klepto12 klepto12, TechSpot Paladin, said:

well microsoft has thrown there money at someone once again but it is there right since they lost there software.

codefeenix codefeenix said:

Wouldn't call this news.

Issuing take down notices is many companies SOP

Fada said:

Too late microsoft, i already got myself a copy! not that i am ever going to use it, kinda defeats the purpose of downloading it, but hey its free.

lfg18 said:

As always microsoft released something they shouldn't, just like with their windows 7, anyway I don't really imagine why would somebody want these programs, not me a least

Xclusiveitalian Xclusiveitalian said:

"Microsoft faced a bit of embarrassment earlier this month" nah that happened already with vista ^_^ On a serious note tho, good job microsoft leaking such important tools to criminals, bravo!

kimsland, Ex-TechSpotter, said:

lol :) I like the PDF in Coffee right at the end it states:

Version 1.1.2 Fixed bug which would not allow drives with drive labels to be formatted or wiped.

No its probably not meant for the standard User, but imagine the previous version where investigators would "wipe" someone's drive accidentally when trying to recover information. (actually it says "not", but anyway, still a concern for the standard non educated User)

Anyway, big hype over nothing, all tools including hex checkers can be found on the Net, mind you, you need to know what hex string you are looking for, and having those updated lists ("Dictionaries" I think) have always been the hardest thing to get ;) But without them, then its very hard (nearly impossible) to search for suspect files.

IvanAwfulitch IvanAwfulitch said:

Does anyone else find it mighty convenient that they already have a new product ready for deployment in its place? That was mighty fast, MS. Got anything else that you'd like to share with us that you already have squared away?

Puiu Puiu said:

They just want more attention towards that product. It's not like they care that it appeared on the internet (i suspect that one of their own did it), it was only a matter of time until it happened, but they are working on a new version and they need to give the police (or whoever is buying it) a reason to buy the new one.

Styl said:

Puiu said:

but they are working on a new version and they need to give the police (or whoever is buying it) a reason to buy the new one.

Actually, Microsoft provides COFEE to law enforcement agencies for free. As for issuing a takedown demand, that will accomplish very little.

Razerblade said:

I love the fact that Microsoft is threatening people when it was their fault the software got leaked! They should take responsibility for it and not pass the blame to anyone else!

Nirkon said:

How does MS manage to leak the exact thing that SHOULDN'T be leaked... I mean

come on, use more security and discretion.

freedomthinker said:

Just a simple question ? So what ?

yorro said:

Microsoft should handle their people carefully.

JudaZ said:

its a pointless piece of kit anyway, ... so who cares you spilled your COFEE?

Cyberman said:

I see any problem on having this software

lupinnktp said:

juz some noise Mic makes to keep itself on consumers' mind, be it good or bad? lol. i don't really thing this deserves much fuss/attention. the wares in COFEE ain't new to begin with. more like a collection with easy-of-use so average law inforcement (who ain't geeks) can use on-site.

ColdPreacher said:

Something so sensitive as COFEE was leaked on to sites. Maybe the new version will as well.

tengeta tengeta said:

Wow, people, read some stuff before getting ridiculous. The COFEE crap does nothing you couldn't do normally, it just does it faster by typing commands for you. Its more or less for a police department that doesn't train their forensics in anything computer related (Which seriously, WTF).

manintech said:

sounds like a useless software anyway

vangrat said:

Okay, so this "kit" just assists people in investigations. So no security risk there, essentially MS just want it taken down like any piece of their software packages. It is possible that this wasn't leaked by MS at all, perhaps a disgruntled govt employee somewhere decided to upload it or some such...

Vicenarian said:

JudaZ said:

its a pointless piece of kit anyway, ... so who cares you spilled your COFEE?

At least the COFFEE wasn't hot...

JudaZ said:

Vicenarian said:

JudaZ said:

its a pointless piece of kit anyway, ... so who cares you spilled your COFEE?

At least the COFFEE wasn't hot...

Nope Seems like its mostly some old COFEE left in a pot all day long...now stone cold , usless and tastes stale.

fref said:

If all the tools are readily available on the web already, why go through all this trouble to take it down? Plus, it's only tools to help catch criminals, not help them. I just don't see where the problem is.

swilllx2p said:

I took quite a few computer forensics classes in school..and I find this funny because the COFEE tool suite is nothing special at all...There is certainly better products out there for forensics if you can pay for them, heck we got them free in our classes. And even funnier..as others said you can download tools that do the same thing as offered in COFEE anyways.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.