Red faces as Cofee spills onto the net

Staff Writer on
Red faces as Cofee spills onto the net

Copies of Microsoft's forensic tool surface.

In an ironic twist of fate, Microsoft's Computer Online Forensic Evidence Extractor (Cofee) crime scene reporting tool has leaked onto the net.

According to the security firm Sophos and other reports, copies of the tool have surfaced on a file sharing site, and users are already downloading it.

Cofee is designed to be used by crime scene investigators, letting them download the contents of a suspicious computer without the need to insert a USB key.

Microsoft describes the system thus: "Computer Online Forensic Evidence Extractor (Cofee) is designed exclusively for use by law enforcement agencies.

"Cofee brings together a number of common digital forensics capabilities into a fast, easy-to-use, automated tool for first responders. And Cofee is being provided — at no charge — to law enforcement around the world."

Should it fall into the wrong hands it could prove a useful tool for data harvesters and thieves, security experts warn.

"The ability to grab a perfect copy of data from a PC without interfering with a computer is attractive to the computer crime authorities - and it's especially handy when more and more drives are using encryption and strong passwords to prevent unauthorised access," wrote Sophos senior technology consultant Graham Cluley, in his blog.

"But at the same time, you can probably understand why Microsoft might wish to control who can get their paws on the software."

Cluley warned that as well as using Cofee to assist them in their own malicious activities, criminals could and write their own code that " neutralises" Cofee or wipes sensitive data from their computer if they determine the tool is being run on their own machine.

"That might make life difficult for the computer cops when they try to dash-and-grab data from a suspicious PC," he added.

Copyright ©v3.co.uk
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?