
Microsoft Forensics Tool COFEE - In the wild!

30 Posts
18 Users
0 Reactions
3,525 Views
rjpear
(@rjpear)
Trusted Member
Joined: 19 years ago
Posts: 97
 

It doesn't do anything that you can't already do with existing Windows tools!

How true… think of COFEE as a script or batch file program that will execute freely available software in an automated method. If you don't have a need for the tools now you won't need COFEE. Lots of hype around the program because it's from MS… Seems folks thought this was the keys to the Windows Kingdom…
lol


   
(@indur)
Trusted Member
Joined: 17 years ago
Posts: 67
 

Contrary to popular belief, what you get from Starbucks is not coffee.


   
(@ctendell)
Trusted Member
Joined: 16 years ago
Posts: 62
 

:-)


   
(@mjpinvestor)
New Member
Joined: 16 years ago
Posts: 2
 

COFEE is very similar to the other forensics frameworks which call CLI utilities. The one nice feature I saw was the automatic renaming of the tools in addition to hashing to make sure that it is the intended version running. Otherwise, it runs built-in OS tools and Sysinternals tools off USB, intended for non-technical law enforcement. Technical folks will be better off with the tools already available like FSU, FTK, IRCR, etc.

http://praetorianprefect.com/archives/2009/11/more-cofee-please-on-second-thought/


   
(@spirovskib)
Active Member
Joined: 16 years ago
Posts: 6
Topic starter  

Please note, requesting download information or offering unauthorized distribution of this tool falls outside acceptable use of these forums.

Jamie

Agreed, point taken, no more mention about unauthorized distribution of any tool from me

Regards
Spirovski Bozidar
http://www.shortinfosec.net


   
(@nizmon)
Eminent Member
Joined: 16 years ago
Posts: 35
 

Please note, requesting download information or offering unauthorized distribution of this tool falls outside acceptable use of these forums.

Jamie

Agreed, point taken, no more mention about unauthorized distribution of any tool from me

Regards
Spirovski Bozidar
http://www.shortinfosec.net

My bad, sorry, forgive me o great admin :)


   
(@benuk)
Trusted Member
Joined: 20 years ago
Posts: 45
 

http://happyasamonkey.wordpress.com/2009/11/11/computer-forensics-in-the-geek-press-a-taxonomy/ seemed to have a good take on it :D


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

http://happyasamonkey.wordpress.com/2009/11/11/computer-forensics-in-the-geek-press-a-taxonomy/ seemed to have a good take on it :D

GREAT one. :D

jaclaz


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Agreed - we could do with more writing of this calibre! Anyone know who's behind it?

Jamie


   
(@nvillatte)
Active Member
Joined: 16 years ago
Posts: 7
 

COFEE had been in the wild 1-2 months after official release, already available on web-based file shares. Apparently the people making a fuss about it only monitor torrents.

What this demonstrates IMHO is that:
- Not everyone in the forensic world acts ethically or at least in respect of the law (asking for a copy they are not allowed to own)
- The poor security around the distribution of the software; wherever the leak appeared originally, my guess is that it must have been either from Microsoft or from a law enforcement agency

Isn't it the most frightening?


   