Computer Online Forensic Evidence Extractor

Computer Online Forensic Evidence Extractor (COFEE) is a tool kit, developed by Microsoft, to help computer forensic investigators extract evidence from a Windows computer. Installed on a USB flash drive or other external disk drive, it acts as an automated forensic tool during a live analysis. Microsoft provides COFEE devices and online technical support free to law enforcement agencies.

Development and distribution

COFEE was developed by Anthony Fung, a former Hong Kong police officer who now works as a senior investigator on Microsoft's Internet Safety Enforcement Team. Fung conceived the device following discussions he had at a 2006 law enforcement technology conference sponsored by Microsoft. The device is used by more than 2,000 officers in at least 15 countries.

A case cited by Microsoft in April 2008 credits COFEE as being crucial in a New Zealand investigation into the trafficking of child pornography, producing evidence that led to an arrest.

In April 2009 Microsoft and Interpol signed an agreement under which INTERPOL would serve as principal international distributor of COFEE. University College Dublin's Center for Cyber Crime Investigations, in conjunction with Interpol, develops programs for training forensic experts in using COFEE. The National White Collar Crime Center has been licensed by Microsoft to be the sole US domestic distributor of COFEE.

Public leak

On November 6, 2009, copies of Microsoft COFEE were leaked onto various torrent websites. Analysis of the leaked tool indicates that it is largely a wrapper around other utilities previously available to investigators. Microsoft confirmed the leak; however, a spokesperson for the firm said "We do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to 'build around' to be a significant concern".

Use

The device is activated by being plugged into a USB port. It contains 150 tools and a graphical user interface to help investigators collect data. The software is reported to be made up of three sections. First, COFEE is configured in advance, with an investigator selecting the data they wish to export; this is then saved to a USB device for plugging into the target computer. A further interface generates reports from the collected data. Estimates cited by Microsoft state that jobs that previously took 3–4 hours can be done with COFEE in as little as 20 minutes.

COFEE includes tools for password decryption, Internet history recovery and other data extraction. It also recovers data stored in volatile memory which could be lost if the computer were shut down.

DECAF

In mid to late 2009 a tool named Detect and Eliminate Computer Acquired Forensics (DECAF) was announced by an uninvolved group of programmers. The tool would reportedly protect computers against COFEE and render the tool ineffective. It alleged that it would provide real-time monitoring of COFEE signatures on USB devices and in running applications and that when a COFEE signature was detected, DECAF would perform numerous user-defined processes. These included COFEE log clearing, ejecting USB devices, and contamination or spoofing of MAC addresses. On December 18, 2009, the DECAF creators announced that the tool was a hoax and part of "a stunt to raise awareness for security and the need for better forensic tools".

See also

Kali Linux
nUbuntu
Windows To Go, bootable USB drive with Windows capable of running data recovery/collection utilities
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.