The Computer Online Forensic Evidence Extractor (COFEE) is a collection of auditing, cracking, and recovery tools loaded onto a thumb drive.
This system was developed by the Hong Kong police but was since licensed by Microsoft and distributed to law enforcement agencies around the globe. They are intended for border control agencies so they can quickly crack and decrypt all passwords and data on computers (which can now be searched at border crossings without a warrant). There is even a rumor that MS included a special backdoor into Vista.
Here is the relevant information I have found.
http://www.ghacks.net/2008/04/29/com...nce-extractor/
http://www.microsoft.com/industry/go...cofee_faq.mspx
Microsoft states in their FAQ that COFEE is only available to authorized law enforcement. They also state that the tools used are not new; instead, COFEE features an easy-to-use and time-saving interface which can extract data from live systems and even monitor and decrypt network traffic.
Now I find it hard to believe that MS would bother to release a tool like this if it didn't have SOME new in-house features. So the question is, has anyone used this new toy? Has it been used on anyone here? Speculation as to what tools it uses, and how to make your data safe from its use is also welcome.
PS. Before I get flamed out again, no, I am not trying to find a cracked copy, distribute, or use this device for personal gain, just seeing what information you guys might have.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Any new info since April? No one seemed to know anything about it back then.
Try this.
Follow the links under "- The list update -". Check out his other tools too.
Enjoy.
"Whatever happened to playing a hunch, Scully? The element of surprise, random acts of unpredictability? If we fail to anticipate the unforeseen or expect the unexpected in a universe of infinite possibilities, we may find ourselves at the mercy of anyone or anything that cannot be programmed, categorized or easily referenced."
ColForbin, thank you for that link, but the person posted "WOLF" not cofee... (inside the rar is wolf, even though it's named cofee)
There is no GUI and it just finds data and puts it all in a .cab file that you must upload to Microsoft... for them to analyze.... no use for anyone without the site for the upload...
Once the .cab is created, have you tried extracting the data within for your own analysis?
Well, it is still running... I'll let ya know when it's done...
it just put a bunch of log files (well, txt files in my C: drive in a folder)
couldn't find the .cab file...
See if you can locate the .cab using search. Hit <F3> from your desktop. Then format the search like so:
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.