
Microsoft spills more COFEE

Last week, Microsoft demonstrated to law enforcement experts a new cybercrime-fighting tool called COFEE – short for Computer Online Forensic Evidence Extractor. COFEE is essentially a USB thumb drive pre-loaded with about 150 publicly available tools; law enforcement can use it to extract sensitive information from a computer before it’s powered down and confiscated.

There was some confusion, however, as some believed that COFEE could defeat Windows BitLocker by way of a backdoor. Microsoft denied any such functionality; Tim Cranton, associate general counsel for Microsoft, said, “COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means.”

“The key to COFEE is not new forensic tools,” said Cranton, “but rather the creation of an easy to use, automated forensic tool at the scene. It's the ease of use, speed, and consistency of evidence extraction that is key.”

To help further clear any misconceptions regarding its COFEE tool, Microsoft shared with BetaNews some additional information. “COFEE works by being plugged into a running system where a user has already logged on. It enables law enforcement to expedite the evidence gathering process by automating over one hundred different commands that would otherwise have to be typed by hand. COFEE saves the results for later analysis, preserving information that could be lost if the computer had to be shut down and transported to a lab,” a Microsoft representative wrote in an email.

“COFEE is designed for use by law enforcement only with proper legal authority. It does not contain new forensic tools, but rather is an easy to use, automated forensic tool at the scene,” it continued. “Because COFEE is designed to be used by law enforcement officials in investigations that deal with highly sensitive evidence and information, the exact methods by which the COFEE tool works cannot be disclosed.”

Microsoft credits the original conception of COFEE, in 2006, to Anthony Fung, formerly of the Hong Kong Cybercrime Police Unit. COFEE was released to a limited group in 2007, and is now used by more than 2,000 forensic examiners in more than 15 different countries.



Comments

New! From Microsoft...
By MrBlastman on 5/6/2008 10:41:24 AM , Rating: 5
First, they create COFEE for the cops, next thing you know, Microsoft will release DONUT to complement it...

For the cops.




RE: New! From Microsoft...
By Omega215D on 5/6/2008 1:07:51 PM , Rating: 5
I wonder if there'll be a Hot COFEE mod for this...


This is why....
By 67STANG on 5/6/2008 11:01:18 AM , Rating: 2
I keep all my illegal stuff on a computer with no USB or Serial ports. Problem solved. =)




RE: This is why....
By Moishe on 5/6/2008 2:59:20 PM , Rating: 2
exactly....


RE: This is why....
By JonnyDough on 5/8/2008 11:46:21 PM , Rating: 2
It's only a matter of time before some cop sells one of these to a programmer/night hacker who creates anti-Cofee software that erases the USB thumb drive. Does MS plan on releasing updates for this? Will they be available through MSDN or do we have to have a user account on PIG? (Police Information Gateway).


just like the riaa training video
By tastyratz on 5/6/2008 9:57:33 AM , Rating: 2
How long do you think it will be before a direct rip of the tool shows up as a torrent on the pirate bay?

oh the irony!




By Gholam on 5/6/2008 10:16:59 AM , Rating: 2
Hmm
By RogueSpear on 5/6/2008 8:37:43 AM , Rating: 2
quote:
and is now used by more than 2,000 forensic examiners in more than 15 different countries.

Something tells me this translates to "we've given this to, and it has been accepted by, 2,000 forensic examiners". Having worked in the field, there's an awful lot of good tools out there, many of them also free and publicly available.




Iron Man makes sense now
By shaw on 5/6/2008 11:05:02 AM , Rating: 2
That flash drive that was used in the movie is COFFEE! Here I thought it was more hacker gui.




what if.....
By HighWing on 5/6/2008 1:31:45 PM , Rating: 2
I know this is probably not the case, but in reading this, I keep picturing a scenario in my mind where this device is Windows only, and forensics officers come across a computer using Linux and they are dumbfounded at why the device just doesn't "work" when they plug it in!!




By dare2savefreedom on 5/6/2008 10:23:04 PM , Rating: 2
wtf is this world coming to....

gta 4 not on pc
no half-a$$ madden on pc
EA Sports makes an almost decent 30fps nhl

and now a convicted criminal organization making tools for the police.

will it have a backdoor for miCro$oft when they are getting investigated?

all hail the death of pc gaming!




I'd love to see it
By vtech2 on 5/25/2008 5:53:02 PM , Rating: 2
My server for the sensitive data is an UltraSparc wo/ any graphical card, running Gentoo Linux and Truecrypt. No USB, even no keyboard. I'd love to see the cop running around this machine clueless :-))




Copyright 2008 DailyTech LLC.