» Microsoft COFEE leaked on What.cd!

[MaXe]

[Recently Microsofts "Computer Online Forensics Evidence Extractor" was leaked
on a private torrent site, the application is now widespread around the Internet]



What is COFEE?
In short words it is a set of Windows tools that runs in a batch from a USB-key.
In other words, it wont work against any hacker that suffers from general paranoia

What is COFEE in Microsofts own words?

Quote:

Microsoft has created Computer Online Forensic Evidence Extractor (COFEE),
designed exclusively for use by law enforcement agencies. COFEE brings together a number
of common digital forensics capabilities into a fast, easy-to-use, automated tool for first
responders. And COFEE is being provided—at no charge—to law enforcement around the world.

"COFEE (Computer Online Forensic Evidence Extractor) is a software that'll cut through whatever
flimsy security miscreants have slapped on windows computer in a flash, and then automatically
analyze the dirty bits the cops need to bust their ass, from internet activity to stored data, no
pwnage skillz or trips to the lab needed. Microsoft's giving the wonder tube to lawmen for free,
and 2,000 officers in 15 countries are already using it."

You can read more on websites mentioned in the references

What does COFEE require to work?
It requires physical access of course and first of all, a USB-key. However
in order to function as it should it also needs Autorun to set enabled on
USB-drives, and didn't Microsoft just disable that as default not long ago?

So, if autorun is disabled and the computer screen is locked, then the agent
wont have a chance besides taking the computer to the real Auditors.

Of course then they might run into another problem, such as the entire
harddisk except the boot-partition has been encrypted, just like I have :-D

So if you're paranoid about COFEE, don't be just disable Autorun on your
computer for USB-keys, lock your computer when you're away so people
can't run it manually and encrypt your harddisk so the encryption first has
to be broken in case your computer is stolen or taken by an agency or w/e.

The report generation is nice, but a little bit buggy in some results of course.


All of the best,
MaXe

Download Links:
http://rapidshare.com/files/304863094/COFEE_v1.1.2.rar

References:
http://torrentfreak.com/cofee-forens...-ban-it-091108
http://en.wikipedia.org/wiki/Compute...ence_Extractor
http://www.microsoft.com/industry/go...e/default.aspx
http://www.microsoft.com/industry/go...cofee_faq.mspx

[hestas]

lawl xD Very nice....

[dsf]

Thanks for sharing, didn't know what a COFEE was.

[Rorok]

Quote:

Originally Posted by dsf

Thanks for sharing, didn't know what a COFEE was.

Its what ya drink in the morning :)

ya know you can still **** your HDD up to where noone can recover it, not those clean labs. maxe taught me that trick :) its funny how lazy america is getting to have to use this.

[System]

O_O sexy!

<--- Been absent hacking my PS2 lol
And guitar of course

[K1llTh3C0rruption]

haha thats pretty awesome.

definitely grabbed me a copy.

[macd3v]

Quote:

Originally Posted by System

O_O sexy!

<--- Been absent hacking my PS2 lol
And guitar of course

What were you using i used to hack my ps2 also :D exploited my memory card so i could run ftp and a bunch of other fun stuff on it hehe.


On topic this does sound pretty neat im definately going to check it out thanks for the post MaXe