Microsoft's secret Computer Online Forensic Evidence Extractor (COFEE) has leaked online, and is now available to all. COFEE is quick an easy to use tool, approximately 15MB in size that fits on a USB drive for law enforcement officials to use in PC forensics. It can be used to locate parts of a computer's hard drive used by criminals to commit identity theft, online fraud, child pornography and other such crimes.

Read the whole story

Since it only works on XP (for now) criminals should just switch to another OS (win7/vista/98/mac/linix) and they have the minimal protection against law enforcers. ^_^

This is pretty cool. I had no idea that Microsoft worked on stuff like this.

Yes, like that's what you want: put an officer with minimal computer experience against a identity theft hacker. We need professionals to counteract professionals.

Maybe all criminals should start using Linux now... :)
Or even TrueCrypt to encrypt all their bad deeds, but I think all those who do these kind of things are well aware of this and will be 2 steps ahead always...

i still don't really get what is this for ?

'REAL criminals' would use linux or something similar anyways (Not xp,vista,7 or osx). And they would have high powered electro magnets at the ready just in case. Just sayin'...

The forensics comminuties have had tools like COFEE for some time. It is another wrapper which under the hood executes builtin OS commands and tools from sysinternals. It is created in a way that a non-technical law enforcement person can run it, very standardized so the impact to the target system is known. Many free tools actually do this better but require more technical understanding. For example, I didn't see that COFEE dumps the memory, pagefile or prefetch directories which all can contain important information, some other tools handle this.

http://praetorianprefect.com/archives/2009/11/more-cofee-please-on-second-thought/