Microsoft revealed its development of a digital forensic analysis toolkit at a security conference yesterday as part of a wider discussion of how technology can be used to fight crime. The Computer Online Forensic Evidence Extractor, or COFEE for short, is a USB thumb drive that contains software capable of executing approximately 150 separate commands. Once plugged in, COFEE can be ordered to decrypt system passwords, display a history of internet activity, and search the system for evidence.
Details on precisely what the device can do have been kept vague, probably on purpose, but the Seattle Times reports that Microsoft has been distributing the devices to law enforcement agencies around the world since last June. Currently, about 2,000 people in 15 countries world-wide have access to the devices, which allow police to gather dig for data immediately onsite, thus avoiding the wait involved in offsite analysis COFEE also allows law enforcement to snapshot any data that might be lost when a system is shut down for seizure and transport.
Microsoft, Law, Digital, Forensic, Analysis, Tookit, PC, Security