Computer Online Forensic Evidence Extractor


From Wikipedia, the free encyclopedia
(Redirected from Cofee)
Not to be confused with coffee.

Computer Online Forensic Evidence Extractor (COFEE) is a tool kit, developed by Microsoft, to help computer forensic investigators extract evidence from a Windows computer. Installed on a USB flash drive or other external disk drive, it acts as an automated forensic tool during a live analysis. Microsoft provides COFEE devices and online technical support free to law enforcement agencies.
Development and distribution

COFEE was developed by Anthony Fung, a former Hong Kong police officer who now works as a senior investigator on Microsoft's Internet Safety Enforcement Team.[1] Fung conceived the device following discussions he had at a 2006 law enforcement technology conference sponsored by Microsoft.[2] The device is used by more than 2,000 officers in at least 15 countries.[3]

A case cited by Microsoft in April 2008 credits COFEE as being crucial in a New Zealand investigation into the trafficking of child pornography, producing evidence that led to an arrest.[1]

In April 2009 Microsoft and Interpol signed an agreement under which INTERPOL would serve as principal international distributor of COFEE. University College Dublin's Center for Cyber Crime Investigations in conjunction with Interpol develops programs for training forensic experts in using COFEE.[4] The National White Collar Crime Center has been licensed by Microsoft to be the sole US domestic distributor of COFEE.[5]

Public leak

On November 6, 2009, copies of Microsoft COFEE were leaked onto various torrent websites.[6] Analysis of the leaked tool indicates that it is largely a wrapper around other utilities previously available to investigators.[7] Microsoft confirmed the leak; however, a spokesperson for the firm said "We do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to 'build around' to be a significant concern".[8]

Use

The device is activated by being plugged into a USB port. It contains 150 tools and a graphical user interface to help investigators collect data.[1] The software is reported to be made up of three sections. First, COFEE is configured in advance, with an investigator selecting the data they wish to export; this is then saved to a USB device for plugging into the target computer. A further interface generates reports from the collected data.[7] Estimates cited by Microsoft state that jobs that previously took 3–4 hours can be done with COFEE in as little as 20 minutes.[1][9]

COFEE includes tools for password decryption, Internet history recovery and other data extraction.[2] It also recovers data stored in volatile memory
which could be lost if the computer were shut down.[10]

DECAF

In mid to late 2009 a tool named Detect and Eliminate Computer Acquired Forensics (DECAF) was announced by an uninvolved group of programmers. The tool would reportedly protect computers against COFEE and render the tool ineffective.[11] It was claimed to provide real-time monitoring of COFEE signatures on USB devices and in running applications and, when a COFEE signature was detected, to perform numerous user-defined processes. These included COFEE log clearing, ejecting USB devices, and contamination or spoofing of MAC addresses.[12] On December 18, 2009 the DECAF creators announced that the tool was a hoax and part of "a stunt to raise awareness for security and the need for better forensic tools".[13][14][15][16]

See also

Kali Linux
nUbuntu
Windows To Go, bootable USB drive with Windows capable of running data recovery/collection utilities

References

1. "Brad Smith: Law Enforcement Technology Conference 2008". Microsoft Corporation. 2008-04-28. Retrieved 2008-05-19.
2. Romano, Benjamin J. (2008-04-29). "Microsoft device helps police pluck evidence from cyberscene of crime". The Seattle Times. Retrieved 2008-05-19.
3. "Microsoft Calls on global public-private partnerships to Help in the Fight Against Cybercrime (Q&A with Tim Cranton, Associate General Counsel for Microsoft)". Microsoft Corporation. 2008-04-28. Retrieved 2008-05-19.
4. "INTERPOL initiative with Microsoft aims to raise global standards against cybercrime through strategic partnership with IT sector". INTERPOL. Retrieved 2009-07-16.
5. http://www.microsoft.com/industry/government/solutions/cofee/default.aspx
6. "Microsoft COFEE law enforcement tool leaks all over the Internet". TechCrunch. Retrieved 2009-11-07.
7. "More COFEE Please, on Second Thought". Retrieved 2009-11-09.
8. Pullin, Alexandra. "Microsoft's not bothered about COFEE leak". The Inquirer. Retrieved 24 August 2010.
9. Valich, Theo (2008-05-07). "Microsoft's new product goes against crime: Meet (Hot) COFEE". Tigervision Media. Retrieved 2008-05-19.
10. Mills, Elinor (2008-04-29). "Microsoft hosts its own police academy". CNet News.com. Retrieved 2008-05-19.
11. Michael, Bartolacci (2012). Advancements and Innovations in Wireless Communications and Network Technologies. IGI Global. p. 226. ISBN 1466621540. Retrieved 26 June 2015.
12. Goodin, Dan (14 December 2009). "Hackers declare war on international forensics tool". The Register. Retrieved 15 December 2009.
13. Eaton, Nick. "Anti-COFEE tool DECAF revealed as stunt". Seattle PI. Retrieved 26 June 2015.
14. "DECAF Was Just a Stunt, Now Over". Slashdot. Retrieved 26 June 2015.
15. "Anti-forensische tool DECAF geen hoax". Security.nl. Retrieved 26 June 2015.
16. Zetter, Kim (14 December 2009). "Hackers Brew Self-Destruct Code to Counter Police Forensics". Wired.com. Retrieved 15 December 2009.

External links

Official website
"Microsoft Computer Online Forensic Evidence Extractor (COFEE)". Microsoft Corporation. Archived from the original on 2012-06-21. Retrieved 2009-10-17.
"Regular or Decaf? Tool launched to combat COFEE". Praetorian Prefect. Retrieved 2009-12-18.
"Reactivating DECAF in Two Minutes". Praetorian Prefect. Archived from the original on February 23, 2014. Retrieved 2009-12-18.

Categories: Computer forensics Microsoft software Law enforcement techniques Government software Digital forensics software

This page was last edited on 6 October 2017, at 05:23.


https://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor[6/7/2018 5:02:08 AM]
