Tuesday, Apr 29th 2008 by Chris Davies



Microsoft has revealed that, since June 2007, multiple law enforcement agencies have been using a forensic device it has developed that can bypass security on a Windows-powered machine and extract data for use in criminal investigations. Called COFEE - Computer Online Forensic Evidence Extractor - the gadget is apparently a USB thumb-drive onto which Microsoft have loaded 150 ‘commands’ that can, among other things, decrypt passwords, display internet activity, and uncover all data stored on the computer. Most importantly, it can do this on-site, rather than an investigator needing to remove a machine during a search or raid and send it to a lab for analysis.

The announcement came at a company conference held for security experts yesterday, with Microsoft General Counsel Brad Smith describing COFEE as the result of “new digital cities” developing which traditional law enforcement professionals have trouble regulating. The company provides COFEE free of charge. In excess of 2,000 people, spread across 15 countries (including Poland, the Philippines, Germany, New Zealand and the US), are currently equipped with the device.

“These are things that we invest substantial resources in, but not from the perspective of selling to make money. We’re doing this to help ensure that the Internet stays safe” - Brad Smith, Microsoft General Counsel

While the usual cries of “evil Microsoft!” have already been heard, in real terms the gadget presents little that is new. Experts have always been able to bypass Windows security; COFEE just enables less adept users to do so on-site.




  1. Boss

    I have a few employees that I need to use this on. How do I go about purchasing one?

    Karma: -1
  2. Arno Ehaus

    COFEE works only on Windows, not on computers with any other OS. So, which criminal user is so crazy and uses such an unsecure system?

    Karma: Neutral
  3. Chiva

    @Arno: Mac has MacLockPick, that has the same function

    Karma: +2
  4. Arno Ehaus

    @Chiva: Yes, meanwhile MacOS is closer to Microsoft than the user wants. So often the tools can be programmed for Windows and MacOS. Different names, but same software for two systems. I think any day we will have such tools for Linux, but not so efficient.

    Karma: +1
  5. devloy

    Well, it’s not the point whether Windows is unsecure or not. Windows is developed by Microsoft (in case you didn’t know that), so Microsoft can always leave backdoors or knows exactly how its OS works. This is no mystery or special utility. MS has created an extra set of tools that can bypass its own security.

    They should call it TRATOR instead of COFEE.

    Ubuntu is out with a new desktop edition and I am switching to it soon; criminal activities or no criminal activities, I don’t want anyone getting into my system without my permission or knowledge.

    MS days are numbered, with OpenSource on the rise!!!

    Karma: Neutral
  6. lawyer

    Coffee? How ’bout DONUT?! Actually, with all the e-discovery rules out there, this tool may get even wider utilization, even in civil litigation.

    Karma: +3
  7. Yonah

    “COFEE works only on Windows, not on computers with any other OS.”

    Because Windows is the most commonly used OS. You can do the same thing with Linux or OSX, except your chances of encountering these machines in the wild are so low, there is less demand for a tool that automates this process.

    As someone who has collected forensic evidence from all 3 machines, no OS offers you any real protection. The only way to be safe is to encrypt the data yourself.

    Karma: Neutral
