Microsoft has revealed that, since June 2007, multiple law enforcement agencies have been using a forensic device it has developed that can bypass security on a Windows-powered machine and extract data for use in criminal investigations. Called COFEE – Computer Online Forensic Evidence Extractor – the gadget is apparently a USB thumb-drive onto which Microsoft have loaded 150 ‘commands’ that can, among other things, decrypt passwords, display internet activity, and uncover all data stored on the computer. Most importantly, it can do this on-site, rather than an investigator needing to remove a machine during a search or raid and send it to a lab for analysis.
The announcement came at a company conference held for security experts yesterday, with Microsoft General Counsel Brad Smith describing COFEE as the result of “new digital cities” developing which traditional law enforcement professionals have trouble regulating. The company provides COFEE free of charge. In excess of 2,000 people, spread across in 15 countries (including Poland, the Philippines, Germany, New Zealand and the US) are currently equipped with the device.
“These are things that we invest substantial resources in, but not from the perspective of selling to make money. We’re doing this to help ensure that the Internet stays safe” Brad Smith, Microsoft General Counsel
While the usual cries of “evil Microsoft!” have already been heard, in real terms the gadget presents little new. Experts have always been able to bypass Windows security, COFEE just enables less adept users to do so on-site.