Microsoft has revealed that, since June 2007, multiple law enforcement agencies have been using a forensic device it has developed that can bypass security on a Windows-powered machine and extract data for use in criminal investigations. Called COFEE – Computer Online Forensic Evidence Extractor – the gadget is apparently a USB thumb-drive onto which Microsoft have loaded 150 ‘commands’ that can, among other things, decrypt passwords, display internet activity, and uncover all data stored on the computer. Most importantly, it can do this on-site, rather than an investigator needing to remove a machine during a search or raid and send it to a lab for analysis.
The announcement came at a company conference held for security experts yesterday, with Microsoft General Counsel Brad Smith describing COFEE as the result of “new digital cities” developing which traditional law enforcement professionals have trouble regulating. The company provides COFEE free of charge. In excess of 2,000 people, spread across 15 countries (including Poland, the Philippines, Germany, New Zealand and the US), are currently equipped with the device.
“These are things that we invest substantial resources in, but not from the perspective of selling to make money. We’re doing this to help ensure that the Internet stays safe.” - Brad Smith, Microsoft General Counsel
While the usual cries of “evil Microsoft!” have already been heard, in real terms the gadget presents little new. Experts have always been able to bypass Windows security; COFEE just enables less adept users to do so on-site.









I have a few employees that I need to use this on. How do I go about purchasing one?
COFEE works only on Windows, not on computers with any other OS. So, which criminal user is so crazy and uses such an unsecure system?
@Arno: Mac has MacLockPick, that has the same function
@Chiva: Yes, meanwhile MacOS is closer to Microsoft than the user wants. So often the tools can be programmed for Windows and MacOS. Different names, but same software for two systems. I think any day we will have such tools for Linux, but not so efficient.
Well, it’s not the point whether Windows is unsecure or not. Windows is developed by Microsoft (in case you didn’t know that), so Microsoft can always leave backdoors or knows exactly how its OS works. This is no mystery or special utility. MS has created an extra set of tools that can bypass its own security.
They should call it TRATOR instead of COFEE.
Ubuntu is out with a new desktop edition and I am switching to it soon. Criminal activities or no criminal activities, I don’t want anyone getting into my system without my permission or knowledge.
MS days are numbered, with OpenSource on the rise!!!
Coffee? How ’bout DONUT?! Actually, with all the e-discovery rules out there, this tool may get even wider utilization, even in civil litigation.
Because Windows is the most commonly used OS. You can do the same thing with Linux or OSX, except your chances of encountering these machines in the wild are so low, there is less demand for a tool that automates this process.
As someone who has collected forensic evidence from all 3 machines, no OS offers you any real protection. The only way to be safe is to encrypt the data yourself.
Wish this was new.. it’s not.
Datalifter is another product that does this kind of thing.
Opensource: RAPIER (check on googlecode) can be configured to run from USB.
So while cool, and only for Law Enforcement, the rest of us can look to other tools.
Question is – how court tested is this?
No need to get testy about it. I’m law enforcement (US) and have it. It is simply a bunch of FREE, fairly available bits of software that were put together for a specific task, and it does it quickly. You can’t hide it, or do much sneaking with it; you have to have physical control of the computer to use it. Here in the U.S., that requires a search warrant. If you haven’t been doing anything illegal, it shouldn’t be any problem. Our search warrant (here) requires that electronic devices be listed in the warrant or you don’t touch (unless of course, you view something “in plain view”). I have found every single piece of software in COFEE on the web elsewhere, available for FREE. The two guys (one now works for MS) simply put them to use with a single interface that gives you a result sheet. We still have to use police/law and computer skills to make any sense out of it or make a case out of it. In fact, I have used (before COFEE) many of the tools in batch files or on a Linux boot CD, and YES most of them work on LINUX based OS’s; in fact, Linux guys have created plenty of neat tools to do the same on Linux. I am now seeing numerous tools for the Macs available for FREE. All that is being done here is that Microsoft gave cops a little boost/help and thankfully hasn’t given it out to the public, as it would surely be abused. You should be happy, as it has saved tax payers a lot of money over the PAY software that usually starts at $5,000 and goes up.