When the going gets weird, the weird turn pro. - Hunter S. Thompson

30 April 2008

Nah, no way this is going to be abused

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Seattle Times: Microsoft device helps police pluck evidence from cyberscene of crime

Why anyone with more than a passing interest in the security of their information would use Microsoft products in the first place is sort of beyond me.

I wonder how many of these little USB drives have gone missing or been copied since the initiation of the COFEE program... and I wonder what the inevitable follow-on DONUT program is going to do. (Talk about pandering to your audience.)

No comments: