Computer Online Forensic Evidence Extractor (COFEE) is a tool kit, developed by Microsoft, to help computer forensic investigators extract evidence from a Windows computer. Installed on a USB flash drive or other external disk drive, it acts as an automated forensic tool during a live analysis. Microsoft provides COFEE devices and online technical support free to law enforcement agencies.
Microsoft's Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it quickly for everyone to get a taste. The COFEE application uses common digital forensics tools to help law enforcement officials at the scene of a crime gather volatile evidence of live computer activity that would otherwise be lost in a traditional offline forensic analysis. In other words, it lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people's computers.
Offering much more technical and under-the-hood capability than most digital forensics investigations necessitate, Redline has more applications in cybersecurity and other tech-driven criminal behavior where a granular analysis is critical. Redline currently only functions on Windows-based systems, but it is regularly updated by FireEye for optimum performance and can be downloaded for free on the FireEye website.
The anti-forensics tool, which is called DECAF, is designed to obstruct Computer Online Forensic Evidence Extractor (COFEE), a cybercrime forensics tool that is broadly distributed by Microsoft for use by law enforcement agencies.
"DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications," the hackers say on their Website. "Upon finding the presence of COFEE, DECAF performs numerous user-defined processes, including COFEE log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings. The Lockdown mode gives the user an automated approach to locking down the machine at the first sign of unusual law enforcement activity.
"DECAF is highly configurable, giving the user complete control to on-the-fly scenarios," the Website continues. "In a moment's notice, almost every piece of hardware can be disabled, and predefined files can be deleted in the background. DECAF also gives the user an opportunity to simulate COFEE's presence by sending the application into a 'Spill the cofee' type mode. Simulation gives the user an opportunity to test his or her configuration before going live."
The two hackers plan to enhance DECAF over time, the Website says. "Future versions will have text message and email triggers, so in case the computer needs to enter into lockdown mode, the user can do it remotely," the site says. "It will also have notification services where in the case of an emergency, someone can be notified. DECAF's next release is going to be available in a more lightweight version and/or a Windows service."
One of the hackers attempted to explain the rationale for DECAF.
"We want to promote a healthy, unrestricted free flow of Internet traffic and show why law enforcement should not solely rely on Microsoft to automate their intelligent evidence finding," the hacker told a reporter in an article published by The Register.
Some of the source code for COFEE was reportedly leaked to the Web last month, and experts expressed concern that hackers would reverse-engineer the tool and develop defenses against it.
DECAF is free, but users who want to download it must agree to a license stating they will not use it for illegal purposes.