Microsoft distributes flash drive with magic abilities

By Benjamin J. Romano

Seattle Times technology reporter source

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

"These are things that we invest substantial resources in, but not from the perspective of selling to make money," Smith said in an interview. "We're doing this to help ensure that the Internet stays safe."

Law-enforcement officials from agencies in 35 countries are in Redmond this week to talk about how technology can help fight crime. Microsoft held a similar event in 2006. Discussions there led to the creation of COFEE.

Smith compared the Internet of today to London and other Industrial Revolution cities in the early 1800s. As people flocked from small communities where everyone knew each other, an anonymity emerged in the cities and a rise in crime followed.

The social aspects of Web 2.0 are like "new digital cities," Smith said. Publishers, interested in creating huge audiences to sell advertising, let people participate anonymously.

That's allowing "criminals to infiltrate the community, become part of the conversation and persuade people to part with personal information," Smith said.

Children are particularly at risk to anonymous predators or those with false identities. "Criminals seek to win a child's confidence in cyberspace and meet in real space," Smith cautioned.

Expertise and technology like COFEE are needed to investigate cybercrime, and, increasingly, real-world crimes.

advertising

"So many of our crimes today, just as our lives, involve the Internet and other digital evidence," said Lisa Johnson, who heads the Special Assault Unit in the King County Prosecuting Attorney's Office.

A suspect's online activities can corroborate a crime or dispel an alibi, she said.

The 35 individual law-enforcement agencies in King County, for example, don't have the resources to investigate the explosion of digital evidence they seize, said Johnson, who attended the conference.

"They might even choose not to seize it because they don't know what to do with it," she said. "... We've kind of equated it to asking specific law-enforcement agencies to do their own DNA analysis. You can't possibly do that."

Johnson said the prosecutor's office, the Washington Attorney General's Office and Microsoft are working on a proposal to the Legislature to fund computer forensic crime labs.

Microsoft also got credit for other public-private partnerships around law enforcement.

Jean-Michel Louboutin, Interpol's executive director of police services, said only 10 of 50 African countries have dedicated cybercrime investigative units.

"The digital divide is no exaggeration," he told the conference. "Even in countries with dedicated cybercrime units, expertise is often too scarce."

He credited Microsoft for helping Interpol develop training materials and international databases used to prevent child abuse.

Smith acknowledged Microsoft's efforts are not purely altruistic. It benefits from selling collaboration software and other technology to law-enforcement agencies, just like everybody else, he said.

------------------------------
Wait till TSA gets their hands on these babies....

Edit: I know I didn't use the article title from the original source, but whatever.

You probably can buy a knockoff or an original even now on the black market (or the back door of Microsoft.) It will be used to extract pin codes and passwords as well as as other personal information that will then be used to empty your bank account. And it will be up to the hapless victims to try and reclaim their identities with no help from the authorities.

forced to run Linux on his pc.

dance, can't I??

White House computers to extract the emails!

Get that COFEE over to the White House, pronto!

the tech blogs I've been on today are kinda iffy as to whether it will work on Macs (plus there is macpicklock anyway). The only "safe" way is a Linux distro plus trucrypt or something similar.

and anyone can get access to them. Microsoft did not even create any of the forensic tools, they just packaged them all up and put them on a flash drive with a script that allows you to run them one after the other.

that freaks me out. It will not be very long before every police officer and TSA agent has one. That scares me.

Strong encryption will prevent some of these attacks.

Look at various tools even Microsoft builds one into their OS. The best probably is from PGP or TrueCrypt (Free).

Just don't forget your password and backup your data. Damaged encrypted files cannot be recovered.

Many business laptops and desktops come with TPM modules (they can be used for great evil) but also support encryption of the entire disk.

is an "Index file" in the cookies folder that has an index of all sites visited. The only way to clear this baby is to boot to dos and save a blank file of the same name in the cookies folder. In Win2K it's possible to boot to dos with the recovery console, in XP not too sure but there must be a way.

that was when the Internet was newer to more people. Now, I'm reading more and more that those with "false identities" are considered up to no good by security experts. Such hypocrisy.

:hippie:

Yes, this confirms you are an enemy of the homeland! You are under arrest!

And when they finally take the black canvas sack off of your head after a long flight in the night you are sitting naked in a trash can full of icewater and forced to listen to "Wildfire" over and over and over again.

She comes down from Yellow Mountain
On a dark, flat land she rides
On a pony she named Wildfire
With a whirlwind by her side
On a cold Nebraska night

Oh, they say she died one winter
When there came a killing frost...

Right? Right?

Bueller?

*(No.)