What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » General » General Chit Chat » MS COFEE Forensic Tool Leaks leaked

MS COFEE Forensic Tool Leaks leaked
Author: Message:
Pr0xY
Veteran Member
*****

Avatar
passwords are for treehouses

Posts: 1325
Reputation: 26
– / Male / –
Joined: Jul 2003
Status: Away
O.P. MS COFEE Forensic Tool Leaks leaked
Hmm.... Interesting! =D

quote:
Microsoft’s much sought-after COFEE law-enforcement forensic tool has leaked onto the Internet. One user uploaded it to private tracker What.cd to collect a huge 1.6tb bounty. However, in a sensible move, the admins of the site took action to remove the link and ban further sharing of the tool via the site.

Law enforcement agencies around the world face a common challenge in their fight against cybercrime, child pornography, online fraud, and other computer-facilitated crimes,” says the marketing blurb on Microsoft’s site.

“They must capture important evidence on a computer at the scene of an investigation before it is powered down and removed for later analysis. ‘Live’ evidence, such as active system processes and network data, is volatile and may be lost in the process of turning off a computer. How does an officer on the scene effectively do this if he or she is not a trained computer forensics expert?” Using COFEE, of course.

The Computer Online Forensic Evidence Extractor (COFEE) is a piece of software designed for the use of law enforcement agencies, and provided to the same free of charge by Microsoft. And, largely because of its mystique, has been a much sought-after piece of code.

Indeed, on the private tracker What.cd, users had offered a huge bounty (a reward for finding and sharing something) of 1.6 terabytes.

During the last day or so, a user – who had only been a member for a matter of weeks – uploaded COFEE.

However, What.cd then took the unusual step of removing the torrent. Not just an unusual step but, in my opinion, a very sensible step indeed.

“Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff,” said What.cd management in a statement.

“And when we did, we didn’t like what came of it. So, a decision was made. The torrent was removed (and it is not to be uploaded here again),” they added.

According to the site’s staff, neither them or their host was threatened by Microsoft or law enforcement. The decision was taken purely on the issue of site and member security.

Of course, the tool is now widely available from other sources and while some are saying that the tool is useless to regular Internet users, there are others who disagree. It certainly won’t take long for a detailed analysis to appear.

There will doubtless be lots of finger-wagging and complaints that this tool has become available in this way, but as with unexpected leaks of anything from software, to movies, to music, rarely is the finger pointed at the initial supplier of the material. That is usually way too embarrassing to reveal.
Source

11-08-2009 10:49 PM
Profile PM Find Quote Report
andrey
elite shoutboxer
****

Avatar

Posts: 795
Reputation: 48
– / Male / Flag
Joined: Aug 2004
RE: MS COFEE Forensic Tool Leaks leaked
old :p

But seriously, from what I've read it's not interesting at all. Just a few programs thrown together on an USB stick to collect very basic data from a PC.

This post was edited on 11-10-2009 at 04:29 PM by andrey.
[Image: w2kzw8qp-sq2_dz_b_xmas.png]
11-08-2009 11:08 PM
Profile PM Find Quote Report
WDZ
Former Admin
*****

Avatar

Posts: 7106
Reputation: 107
– / Male / Flag
Joined: Mar 2002
RE: MS COFEE Forensic Tool Leaks leaked
quote:
Originally posted by andrey
But seriously, from what I've read it's not interesting at all. Just a few programs thrown together on an USB stick to collect very basic data from a PC.
Yeah, I dunno why it would be so sought-after... I doubt it takes advantage of any secret backdoors in Windows. :tongue:
quote:
"It's a rather straightforward tool and it uses a lot of off-the-shelf technology already," said Richard Boscovich, a senior attorney for Microsoft's World Wide Internet Security Program.
quote:
Tim Cranton, the company associate general counsel, said in an e-mail statement that "COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means."

I guess the fact that it was developed by Microsoft and had a bunch of news articles written about it got people interested.

This post was edited on 11-08-2009 at 11:25 PM by WDZ.
11-08-2009 11:20 PM
Profile PM Web Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On