Investigation tool was copied by pirates
A tool designed by Microsoft to help investigators has been leaked to the net via file-sharing networks and is now available to all.
Microsoft Computer Online Forensic Evidence Extractor (COFEE) was actually a secret program of about 15 MB that would help investigators to collect evidence from computers.
Microsoft describes the tool on its website like this:
With COFEE, law enforcement agencies without on-the-scene computer forensics capabilities can now more easily, reliably, and cost-effectively collect volatile live evidence. An officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device. This enables the officer to take advantage of the same common digital forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer.
The tool is specially designed to obtain evidence for ID theft, online fraud, child pornography and other similar offenses. It is designed to be included on a memory stick, and be readily available to investigators.
There are 150 commands that can be run, which makes the retrieval process quick and easy. According to Microsoft, even investigators with minimal computer experience can be trained in its use in 10 minutes using a predefined COFEE device.
COFEE also requires a Windows XP configuration. It has partial Vista support so far, but Vista is not 100% supported. Work is under way on a new version that will support both Vista and Windows 7.