Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
Seattle Times: Microsoft device helps police pluck evidence from cyberscene of crime
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Why anyone with more than a passing interest in the security of their information would use Microsoft products in the first place is sort of beyond me.
I wonder how many of these little USB drives have gone missing or been copied since the initiation of the COFEE program... and I wonder what the inevitable follow-on DONUT program is going to do. (Talk about pandering to your audience.)