At the Digital Crimes Consortium, Microsoft Corp. and the National White Collar Crime Center (NW3C) announced an agreement establishing NW3C as the first U.S.-based distributor of the Computer Online Forensic Evidence Extractor (COFEE). A Microsoft-developed program, COFEE uses digital forensic technologies to help investigators gather evidence of live computer activity at the scene of a crime, regardless of their technical expertise…This agreement will make COFEE available to law enforcement agencies at no charge so they can better combat the growing and increasingly complex ways that criminals use the Internet to commit crimes. This distribution agreement broadens availability for law enforcement agencies, building on Microsoft’s April 2009 distribution agreement with INTERPOL, which is making the COFEE tool available to law enforcement in each of its 187 member countries.
Law enforcement agents with less than 10 minutes training can capture live evidence of illegal activity by inserting the COFEE USB device into a computer. The evidence is then preserved for analysis, protecting it from being destroyed when the computer is turned off for moving. Redmond, Wash. Oct. 13, 2009.
Law enforcement agents with less than 10 minutes training can capture live evidence of illegal activity by inserting the COFEE USB device into a computer. The evidence is then preserved for analysis, protecting it from being destroyed when the computer is turned off for moving. Redmond, Wash. Oct. 13, 2009.
Click for high-res version.
“The COFEE distribution agreement will be of enormous benefit to U.S. law enforcement agencies dealing with technologically sophisticated cybercriminals,” said Donald J. Brackman, director of NW3C. “NW3C is very pleased to partner with Microsoft in making this tool available and contributing to the fight against cybercrime.”
A common challenge of cybercrime investigations is the need to conduct forensic analysis on a computer before it is powered down and restarted. Live evidence, such as some active system processes and network data, is volatile and may be lost while a computer is turning off. This evidence may contain information that could assist in the investigation and prosecution of a crime. With COFEE, a front-line officer doesn’t have to be a computer expert to capture this volatile information before turning off the computer on the scene for later analysis. An officer with minimal computer experience can be tutored to use a pre-configured COFEE device in less than 10 minutes. This enables him or her to take advantage of common digital forensics tools the experts use to gather important volatile evidence while doing little more than simply inserting a USB device into the computer.
The agreement with NW3C, a nonprofit membership organization dedicated to supporting law enforcement agencies in the prevention, investigation and prosecution of economic and high-tech crime, is the latest example of Microsoft’s ongoing commitment to building partnerships that help create a safer, more trusted Internet experience for everyone, not just Microsoft customers. The announcement comes as law enforcement, industry, academic and government cybercrime experts around the world meet in Redmond at the Digital Crimes Consortium. This consortium will provide a mechanism for information sharing, tools development and community building to help industry, government, academia and law enforcement agencies better address the complexity of the evolving threat landscape.
“Criminals are working in a new digital age, and it is essential that law enforcement agencies have the latest tools and technology to help them fight the cyberthreats facing the global community,” said Tim Cranton, associate general counsel of Worldwide Internet Safety Enforcement Programs at Microsoft. “Microsoft is proud to be working with NW3C and INTERPOL to make COFEE more broadly available to law enforcement agencies and to host the Digital Crimes Consortium bringing industry, government, academic and law enforcement cybercrime experts from around the world together to build a long-term coordinated effort in the fight against digital crime. By working together, we can be most effective in making the Internet safer for everyone.”
Working with INTERPOL, the Florida State University and University College Dublin, NW3C will also continue the research and development that will ensure that COFEE serves the needs of law enforcement agencies as technology evolves.
“Florida State University’s E-Crime Investigative Technologies Laboratory has extensive expertise in software tools and systems to support law enforcement, and we were pleased to assist the National White Collar Crime Center in evaluating COFEE for its continued use and development,” said computer science professor Sudhir Aggarwal, director of the ECIT Lab. “We look forward to future collaborations in the effort to win the fight against cybercrime.”
“COFEE is a very valuable tool in the arsenal of law enforcement agencies to fight cybercrime,” said Professor Joe Carthy of University College Dublin’s (UCD) Centre for Cyber Crime Investigations, which is partnering with Microsoft and INTERPOL to develop training programs to enable law enforcement officers to use COFEE. “It will help to establish a recognized international standard in digital forensics and cybercrime investigations. It will also assist law enforcement agencies to develop internal the expertise which they require in dealing with cybercrime investigations.”
Law enforcement agencies can get COFEE from NW3C through a link at http://www.nw3c.org or by contacting INTERPOL at COFEE@interpol.int.
