Microsoft gives cops COFEE: free computer forensic tools
Cops doing computer forensic work already have a ton of tools to choose from, but Microsoft is doing its part to help out as well -- the company just revealed that it's been distributing a special thumb drive to cops in 15 countries to help them identify and extract information from suspects' computers. The drive, called COFEE for Computer Online Forensic Evidence Extractor, is in use by more than 2,000 officers, including some in the States, and Microsoft is giving it away for free, saying that it's doing it not for profit but to "help make ensure the Internet stays safe." COFEE contains more than 150 commands that can be used to collect information, decrypt passwords, and poke through network activity, which helps alleviate the problem of having to remove and transport a suspect's computer for evidence purposes -- officers can just plug in the drive. There's no word on when Microsoft will start widely distributing the drives, but we'd assume it'll be soon. [Thanks, Yoshi]

BLARG?
DONUTS = Disc Of New Undercover Tracking Software :-D.
or maybe Disc Of New Unreleased Trial Software :-D.
Blerg!
bittorrent link? :)
@mark
minutes...
what?
you mean it's not yet on BT sites all around?
Try any live Linux, there are even several distros specifically for the purpose of Windows Recovery which let you mount ntfs and bypass/reset passwords.
Nothing new about this tool, Police have been using other tools forever, now Microsoft is giving them a MS-branded tool.
Damnit....what i meant to say was: "Worst....Acronym....EVER"
Unless it comes in the shape of a donut
CD's are shaped like donuts. Sadly enough thumbdrives are not shaped like coffee..
Great. Now where are the DONUTS?
I'm not sure which countries this will be going to, or how their justice system works, but I have a bad feeling that this will serve mostly to violate privacy rights (yes, I'm American, and yes I'm aware that our rights get trampled - Ron Paul ftw? nope, sry, ron paul = fail) hopefully it remains beneficial, but, ya know, good intentions and all that . . .
Why bring politics into this? I can resist getting into flamboy wars, but it's extreeemely hard for me to push down the urge to join in on a politics debate... Please stop torturing me.
@Dolemite: Then you yourself have fallen for the old political games if you think RP is a racist or a supremacist in any way. I'm sure there's a Republican or 50 out there thanking you for believing that.
@Dolemite: good job at being a tool. Did you read his whole post?
This is great until it gets into the hands of a criminal. If they could crack/bypass passwords that would be bad.
** 15 terabyte of porn deleted **
Noooooo.......
Tera is weak sauce... Men measure their porn in petas.
OMG, somebody at Microsoft was able to download public tools available on sectools.com on a usb thumb drive.
This is news, because first somebody at Microsoft was able to do something.
And second because they at least admit that open source is superior.
I'm sure it includes ping.exe a powerful tool for tracking computer on the internet.
Open Source is great if people know where to find it.
Do you thing a cop could actually figure that out? Doubt it, otherwise they would've achieved more in life.
So this time, MS pulls an 'Apple' and just makes it easy.
Fitz,
Spoken like a true idiot!
I "thing" the level of expertise of many forensic investigators in LE would make you look like a pre-schooler banging away at a Fisher-Price computer.
http://www.fisher-price.com/img/product_shots/L3480_d_1.jpg
wow...such naivety...software like this has been available for free on the internet for a LONG time and can be used by criminals at any time... just because microsoft is giving it to cops for free on little USB sticks doesn't mean it was just created, is top secret or eventually going to lead to rampant fraud and loss of privacy....*sigh*....
Not to mention that any hacker's PC will be properly secured against such threats. Heck even MY PC can't be busted into by that crap.
These tools may have been around forever, but now Microsoft has gotten its own version of it. So now when you plug the drive in a little animated assistant pops up and states
"It looks like you're hacking a computer. Would you like me to: ....."
lolz i use bsd i can render teh cop's tools useless lolz 1!11!!!!1!oneoneoneone
(Before you blame me for this message: No I'm not being serious... However, I really do think that this thing is a cheap USB stick with a bunch of totally useless tools)
I bet since it's microsoft, these tools only work for windows so microsoft makes them arrest anyone using linux or OSX.
( Not really being serious either, but it is a microsoft mentality, not that I have nothing against them.)
you were banned? why?
That reminded me of this: http://www.engadget.com/2007/08/24/linux-user-forced-to-use-windows-as-part-of-home-confinement/
Linux/BSD/Mac users (with illegal stuff): Be afraid. Be very afraid. :-)
And yeah, I got banned for messing around with the comment system and pointing out one of its "secret bugs" in public :-P.... But it happened during that live Apple event, no one ever noticed... The news was flowing too fast to comment for the Apple lovers, and Apple haters turned off the internet...
And the chances of this being used at the next hacker convention are pretty high.
I think I should assume this only works on people with Windows? Also I don't see this defeating encryption nor hackers taking the software and building a block for it.
Hot COFEE!
This is defeated by connecting a decoy USB socket to the right part of your power supply.
Wait. Microsoft is all excited about hacking THEIR OWN SOFTWARE? That's just cheating.
First of all, I don't see what this can possibly help them with. If it can, that means we are always being probed and recorded on our own PCs by Microsoft? I'm sure that violates at least one law and requires users to be properly informed (read: not shrink-wrap agreements). Even if so, I am sure they must give users the option to opt out of such a "courtesy."
Decrypting passwords? From what I can recall, passwords are stored as a hash, which is not something you can just "decrypt," that's called GUESSING or BRUTE FORCING and that's far more of an attack on security rather than a "transformation" of decrypting. While possible, it would take time for sure.
Then again, I am glad I have made the switch to Linux as of late for most of my computing needs.
If it came on a CD/DVD you could just defeat it by using a Macbook Air. :O
The MacBook Air defeats it anyway with its tiny USB slots I doubt the pen drive will fit!
So is this supposed to be booted off of? Or is it like plug it in and it just opens Windows up to what you want to do?
If it worries you, encrypt your drive, as these tools do not work with encrypted drives. If it's a USB driver, someone needs to find it and make a patch for it for the paranoid. I for one welcome our Microsoft 'hacker' overlords
This is probably the stupidest idea by Microsoft after MS Bob. Firstly, you can't just go into a suspect's house and stick this thing into their computer. It is invasion of privacy. They cannot do it without a search warrant. Even if they have a search warrant, they still cannot stick this in since the password cracking software reads and writes into the memory thus contaminating critical evidence thus making it inadmissible.
The correct procedure in such cases is going into a suspect's place, doing a memory dump of the RAM, sealing and securing the computer, bringing it into the lab AND then examining the contents.
It would be sad if some kiddy porn storing perv gets to go free if some stupid cop decides to stick this USB stick into the evidence computer.
Real Life is not CSI.
Firstly, you can't just go into a suspect's house and stick this thing into their computer. It is invasion of privacy. They cannot do it without a search warrant.
--------
Everything can be done under the umbrella of 'anti-terrorism' these days. At least in my country (Australia) and the US, that's for sure.
They are called sneak-and-peek warrants, and they're not real warrants at all, and they don't need to notify you. You've been in a fascist police state all this time and didn't even know it!
But seriously, there are sneak-and-peek warrants, and they suck.
Yea, cops can have all the COFEE they want, they aren't touching this guy...
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html
what i meant to say was: "Worst....Acronym....EVER"
It's best against those who are misusing the modern technologies. It should be a Kane for them.
just use diamond boot to hack in windows pc :)
First off, replacing your hash with theirs, will now let them boot up your computer with your account, but will hose the encryption key you used to encrypt your folders, but... what they don't tell you is that your encrypted files have a "Recovery Agent" key (for your safety), this is most likely how they can gain access to your encrypted files. Even if you removed such key, they still could just "tree /f /a >evidance.txt" and have a complete list of all your files, sure they couldn't open them, but if you have 72,000 files named *.mp3, they could probably still win a case against you to an ignorant jury.
Most people use simple passwords anyway, to brute force an 8 character only alphabet password takes no time at all. MyC1viaLriGht$, try to bruteforce that.
Just use linux, encrypt your files using a 512-bit key, password lock your harddrive, and wear a tin-foil hat.
COFEE is really just an inclined table, some saran-wrap, and a bucket of water. Guaranteed to get your password in 5 minutes or less.
TIN FOIL HAT FTW!
or for the secure in this case? fts, just doesn't flow right.
Take that Apple!
Or you guys could just visit the guys who originally did this over at Hak.5 and have been supporting the community with different payloads for years!
http://wiki.hak5.org/wiki/USB_Switchblade and in the forums at http://forums.hak5.org/index.php?board=20.0
Wow, that's just great. Would they like a cookie while they're there? Imagine if you bought a house and they gave a copy of the keys to the cops and so they could search your place more easily.
http://impatientsufferance.com/2008/04/30/microsoft-invites-police-into-your-computer-offers-them-a-cofee-213/
The article doesn't mention if it's a live Windows OS. In order to be admissible in court, you can't alter any of the information on the hard drive.