Comments on: Microsoft COFEE security key sucks criminal data from locked-down PCs

By: Prefect

Prefect — Mon, 07 Dec 2009 22:09:27 +0000

Why is it lame to take the time to analyze something, determine the scope of a risk, publish the findings, and then attempt to assuage people’s concerns about the tools release?

I think its lame to write a half ass comment like yours.

By: Ahmet Kemal Denizcan

Ahmet Kemal Denizcan — Wed, 02 Dec 2009 23:24:51 +0000

how LAME is to post a comment about a privacy concern like :

COFEE is basically sysinternal utilities and built in OS utilities in a wrapper. There isn’t much to it, not worth worrying about.

this topic is information !
RTFM

By: Prefect

Prefect — Tue, 10 Nov 2009 22:17:42 +0000

COFEE is basically sysinternal utilities and built in OS utilities in a wrapper. There isn’t much to it, not worth worrying about.

Full analysis: http://praetorianprefect.com/archives/2009/11/more-cofee-please-on-second-thought/

By: mrp

mrp — Wed, 07 Jan 2009 04:03:44 +0000

No need to get testy about it. I’m law enforcement (US) and have it. It is simply a bunch of FREE, fairly available bit’s of software that was put together for a specific task, and does it quickly. You can’t hide it, or do much sneaking with it, you have to have physical control of the computer to use it. Here in the U.S., that requires a search warrant. If you haven’t been doing anything illegal, it shouldn’t be any problem. Our search warrant (here) requires that electronic devices be listed in the warrant or you don’t touch (unless of course, you view something “in plain view”). I have found every single piece of software in COFEE on the web elsewhere, available for FREE. The two guys (one now works for MS) simple put them to use with a single interface that give you a result sheet. We still have to use police/law and computer skills to make any sense out of it or make a case out of it. In fact, I have used (before COFEE) many of the tools in batch files or on a linux boot CD, and YES most of them work on LINUX based OS’s, in fact, Linux guys have created plenty of neat tools to do the same on Linux. I am now seeing numerous tools for the Mac’s available for FREE. All that is being done here is that Microsoft gave cops a little boost/help and thankfully hasn’t given it out to the public, as it would surely be abused. You should be happy, as it has saved tax payers a lot of money over the PAY software that usually starts at $5,000 and goes up.

By: Sharkey

Sharkey — Sun, 01 Jun 2008 21:19:07 +0000

Wish this was new.. it’s not.
Datalifter is another product that does this kind of thing.
Opensource: RAPIER (check on googlecode) can be configured to run from USB.

So while cool, and only for Law Enforcement, the rest of us can look to other tools.

Question is – how court tested is this?

By: Yonah

Yonah — Sun, 11 May 2008 14:40:54 +0000

[quote comment="40644"]COFEE works only on Windows, not an computers with any other OS.[/quote]

Because Windows is the mostly commonly used OS. You can do the same thing with Linux or OSX, except your chances of encountering these machines in the wild is so low, there is less demand for a tool that automates this process.

As someone who has collected forensic evidence from all 3 machines, no OS offers you any real protection. The only way to be safe is to encrypt the data yourself.

By: lawyer

lawyer — Fri, 02 May 2008 17:57:48 +0000

Coffee? How ’bout DONUT?! Actually, with all the e-discovery rules out there, this tool may get even wider utilization, even in civil litigation.

By: devloy

devloy — Fri, 02 May 2008 04:07:16 +0000

Well its not the point that Windows is unsecure or not. Windows is developed by Microsoft (in case you didn’t know that), so Microsoft can always leave backdoors or knows exactly how its OS works. This is no mystery or special utitlity. MS has created an extra set of tools that can bypass its own security.

They should call it TRATOR instead of COFEE.

UBuntu is out with new desktop edition and I am switching to it soon, criminal activities or no criminal activities I don’t want anyone getting into my system without my permission or knowledge.

MS days are numbered, with OpenSource on the rise!!!

By: Arno Ehaus

Arno Ehaus — Wed, 30 Apr 2008 22:36:31 +0000

@Chiva: Yes, meanwhile is MacOs closer to Microsoft, than the user wants. So often the tools can be programmed for Windows and MacOS. Different names, but same software for two systems. I think any day we have such a tools for Linux, but not so efficient.

By: Chiva

Chiva — Wed, 30 Apr 2008 20:45:10 +0000

@Arno: Mac has MacLockPick, that has the same function

By: Arno Ehaus

Arno Ehaus — Wed, 30 Apr 2008 11:05:34 +0000

COFEE works only on Windows, not an computers with any other OS. So, wich criminal user is so crazy and uses such an unsecure system?

By: Boss

Boss — Tue, 29 Apr 2008 22:15:50 +0000

I have a few employees that I need to use this on. How do I go about purchasing one?