Category Archives: Forensics

Microsoft handing out free COFEE... It's not Starbucks related

You have heard me mention COFEE (Computer Online Forensic Evidence Extractor) before when I was speaking about EnCase’s latest portable forensics tool.
Microsoft have now published a press release detailing how COFEE is going to be given out to US Law Enforcement types at no cost.

Today at the Digital Crimes Consortium, Microsoft Corp. and the National White Collar Crime Center (NW3C) — the nation’s premier provider of economic and high-tech crime training to law enforcement agencies — announced an agreement establishing NW3C as the first U.S.-based distributor of the Computer Online Forensic Evidence Extractor (COFEE). A Microsoft-developed program, COFEE uses digital forensic technologies to help investigators gather evidence of live computer activity at the scene of a crime, regardless of their technical expertise. This agreement will make COFEE available to law enforcement agencies at no charge so they can better combat the growing and increasingly complex ways that criminals use the Internet to commit crimes. This distribution agreement broadens availability for law enforcement agencies, building on Microsoft’s April 2009 distribution agreement with INTERPOL, which is making the COFEE tool available to law enforcement in each of its 187 member countries.

This is interesting for Microsoft, and I think in some ways it does show some continued commitment to InfoSec, but it also doesn't do their publicity any harm.

I have not got my hands on a copy of COFEE, I guess for obvious reasons. However, I would guess at it being a bit similar to WOLF (Windows Online Forensics), which Microsoft use for their internal incident response. I have seen this tool, and it is quick and simple to use. This is the basic selling point (I know it's free) of COFEE for law enforcement: they can simply plug and go. It is my understanding they will plug it in, it will run a few scripts and collect all the relevant digital evidence and volatile data. I don’t see this as being a replacement for EnCase and FTK type offerings, but it's going to be a handy bit of kit for law enforcement response units. I just hope it doesn’t dumb down the forensics skill set.

Microsoft COFEE

Law enforcement agents with less than 10 minutes training can capture live evidence of illegal activity by inserting the COFEE USB device into a computer. The evidence is then preserved for analysis, protecting it from being destroyed when the computer is turned off for moving.

EnCase Portable… Data Collection on the move

So EnCase are releasing a new USB offering, called EnCase Portable. I am a big fan of the EnCase product, having attended many of their training courses and used their product in the corporate environment.

EnCase say this new tool makes data gathering in the field a doddle, and I guess it is something similar to Microsoft's COFEE offering (I will speak about this more once I get a copy) and allows anyone to plug in, say what's needed and let the software do the data collection.

I think this is the way a lot of these tools will be going for data collection, especially as the use of NetBooks is growing and they don't have a CD drive to boot from.

EnCase Portable is a data acquisition solution delivered on a USB drive that leverages the powerful search and acquisition capabilities of EnCase®.  The solution searches a targeted computer and automatically collects data, including documents, Internet history and artifacts, images, other digital evidence, and even entire hard drives.

Unlike other solutions that reside on laptops, EnCase Portable is a pocket-sized tool that saves time and money.  Users can collect forensically-sound data when target systems cannot be transported due to cost or time constraints imposed in field situations.


Key Features

  • Plug in and collect data immediately
  • Enable novice computer users to be data collectors in a matter of minutes
  • Acquire data anywhere with EnCase Portable’s pocket-sized kit
  • Search and collect cyber-intelligence without leaving a trace
  • Store collected data in the forensically sound, court-validated EnCase® Logical Evidence File format
  • Capture data from running or powered-off systems
  • Customize search and collection jobs to create and configure more complex search criteria
  • Easily install EnCase Portable on any USB drive