Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
I found this story via Abe, who wrote “Microsoft hacks itself. How retarded is this company? I can imagine they are now about to get sued for false security claims…”
But looking at the story, it doesn’t sound like backdoors were written for law enforcement. It sounds more like a collection of tools – like password decryption – that are available from multiple third parties, compiled into a single, easy-to-use device for non-technical users.