
Microsoft Forensics Tool COFEE - In the wild!

jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

wherever the leak appeared originally, my guess is that it must have been either from Microsoft or from a law enforcement agency

With all due respect, since the tool was made by Microsoft and only delivered to law enforcement members, more than a guess, it should be a truism. wink

If we have to choose between the two, I would guess first one outsourced both the development and the distribution of the tool, and the leak came from that side….
… or from the teenage son of one of the officers that forgot the USB stick at home one day….. lol

jaclaz


   
(@nizmon)
Eminent Member
Joined: 16 years ago
Posts: 35
 

I think some people wanted a copy so they could study it, understand it and then learn, that is why I wanted a copy. Just because people want it does not mean that it will be used for bad.


   
(@phineasgage)
Active Member
Joined: 16 years ago
Posts: 13
 

To the forum Admin/Moderators: Can I post a link to the COFEE User Manual? It would be interesting to discuss the product.


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Has the manual been publicly released by Microsoft?


   
(@phineasgage)
Active Member
Joined: 16 years ago
Posts: 13
 

I don't know… I'm going to search


   
(@phineasgage)
Active Member
Joined: 16 years ago
Posts: 13
 

Here's an interesting post which explains some features:

(Original article)

April 29, 2008 1:20 PM
Looking for answers on Microsoft's COFEE device

Posted by Benjamin J. Romano

Today's story on a Microsoft device that helps law enforcement gather forensic evidence from a crime suspect's computer has garnered lots of attention and raised questions about how exactly it works and what it's able to do. Update, 5:10 p.m.: I just got a response from Microsoft. See the end of the post.

I've received calls and emails from law enforcement officials – ranging from Amtrak's Office of Inspector General to a U.S. Army cybercrime investigator to the Citrus County, Florida, Sheriff's Office – all wanting to know how they can get their hands on the device.

Other readers have wondered about the implications of the device for civil liberties and Windows security. There is also concern the device could fall into the hands of criminals (who, I'd add, would also have to gain physical access to a computer to do harm with it) or that something similar could be developed.

A reader from Snohomish County writes, "a little usb device cannot break encrypted info (passwords) – unless microsoft has built a back door into its computers – it seems. i have worked with encryption software before – stuff it would take NSA a month to crack – so how does MS do it in minutes?"

Others have dismissed the idea that this is even news. A reader writes:

"Have you heard of this? Nearly every American home has been infiltrated with a device that allows complete strangers to talk to and gain the confidence of your children. These criminals then indulge in rampant child abuse! The device? The telephone. I say we need a bureau whose job it is to listen in on each and every 'telephone' conversation in order to thwart these insidious criminals. And I think the Seattle Times should run a lengthy series exposing the dangers of this pernicious technology."

I'm trying to get answers from Microsoft on how the Computer Online Forensic Evidence Extractor actually works. I'll update this post when I hear back from Microsoft.

In the meantime, here are some other details that didn't make it into today's story:

Brad Smith, Microsoft's general counsel, described COFEE in an interview.

"It's basically a thumb drive that is like a Swiss army knife for law enforcement officials that are investigating computer crimes. If you're a law enforcement official and let's say you have access to a computer that might be used, for example, by a child predator, a lot of times they have information on their hard disk that's encrypted, and you've got that information off in order to have a successful investigation and prosecution.

"In the past, people would have to literally unplug the computer, they would lose whatever was in RAM. They'd have to transport it somewhere else, and it would take at least four hours, often more to get at the heart of the information."

The device can get that job done in as little as 20 minutes, Smith said.

"With this tool, they can just plug it into the computer, wherever it's located. They don't have to turn off the power. It has over 150 different technology tools that law enforcement officers can use to analyze data, to get access to passwords, to obtain the information typically that people need to successfully prosecute a crime."

COFEE can also be customized with additional tools and commands.

It was developed by Anthony Fung, a senior investigator on Microsoft's Internet Safety Enforcement Team. Fung, formerly a Hong Kong police officer, joined Microsoft four years ago.

It sounds to me like the device doesn't do anything that a trained computer forensics expert can't already do. This just automates the execution of the commands for data extraction. Check later for updates.

Update: Via email, a Microsoft spokeswoman said COFEE is a compilation of publicly available forensics tools, such as "password security auditing technologies" used to access information "on a live Windows system." She cited rainbow tables as an example of other such tools, and "was NOT confirming that COFEE includes Rainbow Tables."

It "does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means."

Further, she reiterated that the tool is intended for use "by law enforcement only with proper legal authority."

Another update: This from Tim Cranton, associate general counsel at Microsoft: "The key to COFEE is not new forensic tools, but rather the creation of an easy to use, automated forensic tool at the scene. It's the ease of use, speed, and consistency of evidence extraction that is key.


   
(@s0478)
New Member
Joined: 16 years ago
Posts: 2
 

You have to get it from either Interpol or cw3.


   
(@code_slave)
Trusted Member
Joined: 16 years ago
Posts: 61
 

Seriously guys,
It really is nothing special, other than the usual Microsoft hype.
It's also been 'available' for a long time.

You really will be disappointed after all the hype.
If you do 'find' it, watch out for all the trojaned versions… in fact it's currently the fastest way to get Trojans exactly where you need them.


   
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
 

Has the manual been publicly released by Microsoft?

Not as far as I'm aware but the PDF manual is included with the files and executable of the leaked version.


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

I think some people wanted a copy so they could study it, understand it and then learn, that is why I wanted a copy. Just because people want it does not mean that it will be used for bad.

Not to come late to the party, but in the US, it could be a violation of US copyright law and as compilations, even of public domain tools, can be copyrighted and the distribution restricted under license, it would also be software piracy.

I, for one, would not want to risk my professional standing by possessing or attempting to possess such software.

I was involved in a case where another investigator used Belarc Advisor to prepare a report and the terms of use clearly state that it can be used for non-commercial purposes, only. Those facts were allowed to be presented to the jury as a means of impeaching the integrity of the witness.


   