Microsoft device helps police pluck evidence from cyberscene of crime
By Benjamin J. Romano
Seattle Times technology reporter
Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.
"These are things that we invest substantial resources in, but not from the perspective of selling to make money," Smith said in an interview. "We're doing this to help ensure that the Internet stays safe."
Delicious
Digg
Reddit
Newsvine
Furl
Google
Yahoo
give me another reason
give me another reason to hate MS... I don't need many more before I have the complete set!
I'm wondering how many of
I'm wondering how many of those USB things have been copied. I'm also taking note that this bypassing security thing is possible to do.
good point
so this thing is OS-independent? I didn't even know that was possible...
No, it's Windows as far as I
No, it's Windows as far as I know.