Re FF news feed item;
"WetStone Technologies, Inc. announces U3 Live Investigator, a live acquisition and triage tool using U3 technology that is being created under the USB Live Acquisition and Triage Tool (US-LATT) contract funded by the National Institute of Justice (NIJ). U3 Live Investigator provides investigators and first-responders with the ability to obtain live, volatile evidence from running systems under rapid response or covert scenarios. This tool is available to US State and Local Law Enforcement personnel for Beta Testing."
Anyone know anything about this tool? What can it do? How is it used? etc etc.
I've asked WetStone the same question directly.
Thanks.
It looks like COFEE. Basically it's a U3 device that you plug in to a suspect machine, to do triage and live analysis.
calimero could you share some usefull information about which Microsoft department you have been contacted in this matter and what precise data they require to get coffe?
I've tested a colleagues copy of it and as Microsoft says, Cofee is mostly a small footprint front-end for a variety of freely available tools like PSTools. You tell Cofee what you want, and it sets up the USB to grab what you've asked for.
It basically removes the need to hunt down tools, create your own live-response CD/USB, and write command-line scripts. I gather it is also written to be minimally invasive in order to modify the live system as little as possible.
According to Microsoft it should be available on Microsoft's LEPortal in a couple of months - once they've had time to look at the Beta's results.
You might want to check out this link if you're interested in what Microsoft has to say about it
http//
If you are Law Enforcement, you may want to join the LEPortal so that you will be able to acquire the tool once it is released. (Info on how to do this can be found on the link.) The LEPortal also has some interesting info about Vista and other MS products - again available to LE only.