Thread: Computer Online Forensic Evidence Extractor

  1. #1
    Member
    Join Date
    Sep 2008
    Posts
    146

    Computer Online Forensic Evidence Extractor

    The Computer Online Forensic Evidence Extractor (COFEE) is a collection of auditing, cracking, and recovery tools loaded onto a thumb drive.

    This system was developed by the Hong Kong police but has since been licensed by Microsoft and distributed to law enforcement agencies around the globe. They are intended for border control agencies so they can quickly crack and decrypt all passwords and data on computers (which can now be searched at border crossings without a warrant). There is even a rumor that MS included a special backdoor into Vista.

    Here is the relevant information I have found.

    http://www.ghacks.net/2008/04/29/com...nce-extractor/

    http://www.microsoft.com/industry/go...cofee_faq.mspx

    Microsoft states in their FAQ that COFEE is only available to authorized law enforcement. They also state that the tools used are not new; instead, COFEE features an easy-to-use and time-saving interface which can extract data from live systems and even monitor and decrypt network traffic.

    Now I find it hard to believe that MS would bother to release a tool like this if it didn't have SOME new in-house features. So the question is, has anyone used this new toy? Has it been used on anyone here? Speculation as to what tools it uses, and how to make your data safe from its use is also welcome.

    PS. Before I get flamed out again, no, I am not trying to find a cracked copy, distribute, or use this device for personal gain, just seeing what information you guys might have.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Member
    Join Date
    Sep 2008
    Posts
    146

    Any new info since April? No one seemed to know anything about it back then.

  4. #4
    Member ColForbin's Avatar
    Join Date
    Jan 2010
    Posts
    93

    Try this.

    Follow the links under "- The list update -". Check out his other tools too.

    Enjoy.
    "Whatever happened to playing a hunch, Scully? The element of surprise, random acts of unpredictability? If we fail to anticipate the unforeseen or expect the unexpected in a universe of infinite possibilities, we may find ourselves at the mercy of anyone or anything that cannot be programmed, categorized or easily referenced."

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by Revelati View Post
    Any new info since April?
    Nothing that can be shared with a civilian.
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Member Krytical's Avatar
    Join Date
    Mar 2010
    Posts
    117

    ColForbin, thank you for that link, but the person posted "WOLF", not cofee... (inside the rar is wolf, even though it's named cofee)

    there is no GUI and it just finds data and puts it all in a .cab file that you must upload to Microsoft... for them to analyze.... no use for anyone without the site for the upload...

  7. #7
    Member ColForbin's Avatar
    Join Date
    Jan 2010
    Posts
    93

    Once the .cab is created, have you tried extracting the data within for your own analysis?

  8. #8
    Member Krytical's Avatar
    Join Date
    Mar 2010
    Posts
    117

    well it is still running... I'll let ya know when it's done...

    it just put a bunch of log files (well, txt files) in my C: drive in a folder

    couldn't find the .cab file...

  9. #9
    Member ColForbin's Avatar
    Join Date
    Jan 2010
    Posts
    93

    See if you can locate the .cab using search. Hit <F3> from your desktop. Then format the search like so:

  10. #10
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by ColForbin View Post
    See if you can locate the .cab using search. Hit <F3> from your desktop. Then format the search like so:
    Real people use the command line even in winders.

    dir /s /o:d *.cab
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.