COFEE provides law enforcement with a framework they can use to leverage publicly available forensic tools to access information on a PC running Windows. The set of tools is kept on a USB (universal serial bus) storage device. Agents can run over 150 commands on a live computer system and save the results for later analysis, preserving information that could be lost if the computer had to be shut down and transported to a lab, Microsoft said.
Rather than a collection of new forensic tools, COFEE is a simple, automated forensic tool officers can deploy at the scene of an arrest, Tim Cranton, associate general counsel for Microsoft, told TechNewsWorld.
COFEE, according to forensic folk who have used it, is simply a suite of 150 bundled off-the-shelf forensic tools that run from a script. None of the tools are new or were created by Microsoft. Microsoft simply combined existing programs into a portable tool that can be used in the field before agents bring a computer back to their forensic lab.
With COFEE, a forensic agent can select, through the interface, which of the 150 investigative tools he wants to run on a targeted machine. COFEE creates a script and copies it to the USB device which is then plugged into the targeted machine. The advantage is that instead of having to run each tool separately, a forensic investigator can run them all through the script much more quickly and can also grab information (such as data temporarily stored in RAM or network connection information) that might otherwise be lost if he had to disconnect a machine and drag it to a forensics lab before he could examine it.
Some answers alluded to various forensic tools. However, I am personally not convinced that they work on all systems. For example, in TrueCrypt, the key is actually derived from the password which the user keys in. You cannot feasibly brute-force AES. As for BitLocker, the TPM is a hardware solution that stores the key. You can't extract the key with software.
Given the prevalence of computer-based crime and the level of skill required to perform proper forensic analysis, it makes sense for Microsoft (or someone else) to develop a simple-to-use wrapper for what apparently was a number of common forensic tools available elsewhere on the internet.
"That's the same thing we did with COFEE. So, knowing that and knowing that forensics is a pretty important factor, and that a lot of other pretty good forensic tools are getting overlooked, we decided to put a stop to COFEE."
This argument seems fairly disingenuous as COFEE seems to hardly have been aimed to replace any existing tools, but to simply make them easier for a less well-trained law enforcement operator to use in order to gather crucial forensic evidence. The fact the tool was released by Microsoft probably had more to do with creating a counter-tool than noble thoughts of 'better tools being overlooked'.
Microsoft has reportedly developed a USB key that allows investigators to extract forensic data from PCs. COFEE (Computer Online Forensic Evidence Extractor) comes in a USB key form factor, and was distributed to a small number of law-enforcement agencies last June, the Seattle Times reports. The device includes 150 tools that allow investigators to extract internet history files, for example, or "decrypt passwords".
The 150 tools are simply based on the 150 commands that forensic experts must enter anyway and that normally take 4+ hours. Microsoft claim that they are simply making this stage easier.
Rather than pointing to the existence of a backdoor, the decrypting password feature appears to relate to password auditing tools. COFEE also allows investigators to upload data for analysis. The device is used by more than 2,000 officers in at least 15 countries, including Germany and the US. Microsoft supplies the technology to law enforcement agencies without charge. The tool reportedly allows investigators to scan for evidence on site without necessarily having to cart PCs back to a lab. Computer forensics is a painstaking process carefully designed to make sure data on a suspect computer isn't changed - simply plugging a device into a computer to extract data seems like a quick and dirty fix. The admissibility of such data in court is debatable even before we get into considering the possibility that the USB key might harbour malware.