Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
Now, tell me again why you want to run Windows instead of GNU/Linux?
In all fairness, this isn't a new idea and there is a similar Linux LiveCD which will work on a larger range of computers ("Linux tool speeds up computer forensics for cops"), except of course Linux will do it better.
I don't see how this would make you choose Linux over Windows 'unless' COFEE can get through encryption via a back door on Windows, which the article doesn't state.
Is this COFEE Open Source? Or are Microsoft expecting the forensic scientists to just plug it in and trust that it does what it says on the tin?
Why would anyone have any doubts about the trustworthiness of closed source software....?
@jtyrrell
As I wrote in my original comment, which seems to have disappeared, the point is, closed *can* have backdoors, but open source can't. Whether the current COFEE has such backdoors is not clear.