Microsoft Make Digital Forensics Tool Available to Law Enforcement

At the Digital Crimes Consortium, Microsoft Corp. and the National White Collar Crime Center (NW3C) announced an agreement establishing NW3C as the first U.S.-based distributor of the Computer Online Forensic Evidence Extractor (COFEE). A Microsoft-developed program, COFEE uses digital forensic technologies to help investigators gather evidence of live computer activity at the scene of a crime, regardless of their technical expertise…This agreement will make COFEE available to law enforcement agencies at no charge so they can better combat the growing and increasingly complex ways that criminals use the Internet to commit crimes. This distribution agreement broadens availability for law enforcement agencies, building on Microsoft’s April 2009 distribution agreement with INTERPOL, which is making the COFEE tool available to law enforcement in each of its 187 member countries.
Law enforcement agents with less than 10 minutes training can capture live evidence of illegal activity by inserting the COFEE USB device into a computer. The evidence is then preserved for analysis, protecting it from being destroyed when the computer is turned off for moving. Redmond, Wash. Oct. 13, 2009.
Law enforcement agents with less than 10 minutes training can capture live evidence of illegal activity by inserting the COFEE USB device into a computer. The evidence is then preserved for analysis, protecting it from being destroyed when the computer is turned off for moving. Redmond, Wash. Oct. 13, 2009.
Click for high-res version.

“The COFEE distribution agreement will be of enormous benefit to U.S. law enforcement agencies dealing with technologically sophisticated cybercriminals,” said Donald J. Brackman, director of NW3C. “NW3C is very pleased to partner with Microsoft in making this tool available and contributing to the fight against cybercrime.”

A common challenge of cybercrime investigations is the need to conduct forensic analysis on a computer before it is powered down and restarted. Live evidence, such as some active system processes and network data, is volatile and may be lost while a computer is turning off. This evidence may contain information that could assist in the investigation and prosecution of a crime. With COFEE, a front-line officer doesn’t have to be a computer expert to capture this volatile information before turning off the computer on the scene for later analysis. An officer with minimal computer experience can be tutored to use a pre-configured COFEE device in less than 10 minutes. This enables him or her to take advantage of common digital forensics tools the experts use to gather important volatile evidence while doing little more than simply inserting a USB device into the computer.

The agreement with NW3C, a nonprofit membership organization dedicated to supporting law enforcement agencies in the prevention, investigation and prosecution of economic and high-tech crime, is the latest example of Microsoft’s ongoing commitment to building partnerships that help create a safer, more trusted Internet experience for everyone, not just Microsoft customers. The announcement comes as law enforcement, industry, academic and government cybercrime experts around the world meet in Redmond at the Digital Crimes Consortium. This consortium will provide a mechanism for information sharing, tools development and community building to help industry, government, academia and law enforcement agencies better address the complexity of the evolving threat landscape.

“Criminals are working in a new digital age, and it is essential that law enforcement agencies have the latest tools and technology to help them fight the cyberthreats facing the global community,” said Tim Cranton, associate general counsel of Worldwide Internet Safety Enforcement Programs at Microsoft. “Microsoft is proud to be working with NW3C and INTERPOL to make COFEE more broadly available to law enforcement agencies and to host the Digital Crimes Consortium bringing industry, government, academic and law enforcement cybercrime experts from around the world together to build a long-term coordinated effort in the fight against digital crime. By working together, we can be most effective in making the Internet safer for everyone.”


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Working with INTERPOL, the Florida State University and University College Dublin, NW3C will also continue the research and development that will ensure that COFEE serves the needs of law enforcement agencies as technology evolves.

“Florida State University’s E-Crime Investigative Technologies Laboratory has extensive expertise in software tools and systems to support law enforcement, and we were pleased to assist the National White Collar Crime Center in evaluating COFEE for its continued use and development,” said computer science professor Sudhir Aggarwal, director of the ECIT Lab. “We look forward to future collaborations in the effort to win the fight against cybercrime.”

“COFEE is a very valuable tool in the arsenal of law enforcement agencies to fight cybercrime,” said Professor Joe Carthy of University College Dublin’s (UCD) Centre for Cyber Crime Investigations, which is partnering with Microsoft and INTERPOL to develop training programs to enable law enforcement officers to use COFEE. “It will help to establish a recognized international standard in digital forensics and cybercrime investigations. It will also assist law enforcement agencies to develop internal the expertise which they require in dealing with cybercrime investigations.”

Law enforcement agencies can get COFEE from NW3C through a link at http://www.nw3c.org or by contacting INTERPOL at COFEE@interpol.int.

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, June 12 2024 #dfir #digitalforensics

Forensic Focus 18 hours ago

Digital Forensics News Round-Up, June 12 2024 #dfir #digitalforensics

Forensic Focus 19 hours ago

Internal investigations and eDiscovery face rising challenges in the data collection landscape. There is an urgent need to preserve and analyze data; rising costs for server infrastructure and overhead and the increasing complexity and volume of data from emerging sources is overwhelming. Laptops, computers, phones, tablets, cloud sources, and messaging applications – data is stored anywhere and everywhere with employee communications being the riskiest data sources.

The scope and specific challenges of data collection affect organizations and law firms differently, presenting a need for a variety of solutions to best fit their needs. With Cellebrite’s suite of SaaS (Software-as-a-Service) cloud-based collection solutions, corporate investigators and eDiscovery practitioners can close investigations and get to review faster.

Cellebrite's market-leading SaaS based solutions minimize business disruption and save organizations money by:

- Eliminating the need for large upfront costs and maintenance expenses
- Minimizing overhead costs without hosting the solution, no hardware shipping, and no technical calls for assistance
- Minimal and predictable data collection costs, allowing you to scale your usage according to your specific needs and budgetary considerations
- Stay up to date with continuous updates to data sources with updates pushed to the Cellebrite cloud
- Close investigations and review discovery faster with cloud-based innovation
- Manage customer requests and provide transparency throughout your organization across the globe

Watch Cellebrite's webinar where Monica Harris, Product Business Manager, showcases how Cellebrite’s range of SaaS-based solutions have you covered whether you need remote collection across all devices, including computers, cloud sources, chat applications, and mobile devices or full-file system advanced collection capabilities across the widest range of mobile devices and applications.

Internal investigations and eDiscovery face rising challenges in the data collection landscape. There is an urgent need to preserve and analyze data; rising costs for server infrastructure and overhead and the increasing complexity and volume of data from emerging sources is overwhelming. Laptops, computers, phones, tablets, cloud sources, and messaging applications – data is stored anywhere and everywhere with employee communications being the riskiest data sources.

The scope and specific challenges of data collection affect organizations and law firms differently, presenting a need for a variety of solutions to best fit their needs. With Cellebrite’s suite of SaaS (Software-as-a-Service) cloud-based collection solutions, corporate investigators and eDiscovery practitioners can close investigations and get to review faster.

Cellebrite's market-leading SaaS based solutions minimize business disruption and save organizations money by:

- Eliminating the need for large upfront costs and maintenance expenses
- Minimizing overhead costs without hosting the solution, no hardware shipping, and no technical calls for assistance
- Minimal and predictable data collection costs, allowing you to scale your usage according to your specific needs and budgetary considerations
- Stay up to date with continuous updates to data sources with updates pushed to the Cellebrite cloud
- Close investigations and review discovery faster with cloud-based innovation
- Manage customer requests and provide transparency throughout your organization across the globe

Watch Cellebrite's webinar where Monica Harris, Product Business Manager, showcases how Cellebrite’s range of SaaS-based solutions have you covered whether you need remote collection across all devices, including computers, cloud sources, chat applications, and mobile devices or full-file system advanced collection capabilities across the widest range of mobile devices and applications.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_SE7Cl5jkigk

Maximising Data Collection With SaaS Innovations

Forensic Focus 10th June 2024 12:42 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles