It looks like a free tool Microsoft is providing to forensics investigators in approximately 190 markets worldwide has found its match. The antidote for Computer Online Forensic Evidence Extractor (COFEE) has been released to the web and is currently available for download under the moniker DECAF, an acronym for Detect and Eliminate Computer Assisted Forensics. DECAF comes on the heels of a COFEE leak, after the free forensics tool from the Redmond company made its way into the wild. At the time of this article, the leaked version of COFEE continues to be offered for download on BitTorrent trackers and warez websites. DECAF can be grabbed from a website set up for it by a developer, who for obvious reasons wishes to remain anonymous.

When it first confirmed the COFEE leakage, Microsoft noted that it did not foresee a mitigation being created. “We do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals, its value is in the way COFEE brings those tools together in a simple and customizable format for law enforcement use in the field,” stated Richard Boscovich, senior attorney, Internet Safety at Microsoft Corporation, on November 10th, 2009. Obviously, the Redmond company was wrong.

COFEE is supplied to authorities in the United States via the National White Collar Crime Center (NW3C) distributor, and worldwide through the International Criminal Police Organization (Interpol). The official Computer Online Forensic Evidence Extractor label is designed to describe nothing more than a data collection tool for live Windows systems. COFEE was created so that even non-technical members of law enforcement can be trained in a matter of minutes to use it and extract precious information that is lost in the event of a system restart or power off, namely volatile data. The tool is preloaded on a USB device, which only needs to be connected to the Windows machine from which it extracts a disk image.

DECAF is, in this context, the anti-COFEE. “DECAF is a counter intelligence tool specifically created around the obstruction of the well known Microsoft product COFEE used by law enforcement around the world,” reads the official description of the tool. “DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications.