Lucene search

K
threatpostRyan NaraineTHREATPOST:D587192A5DA9FB1680FF9D453F96B972
HistoryOct 19, 2009 - 6:59 p.m.

Free COFEE Helps Law Enforcement Forensics

2009-10-1918:59:24
Ryan Naraine
threatpost.com
74

0.974 High

EPSS

Percentile

99.9%

Microsoft has announced plans to give away free versions of its COFEE (Computer Online Forensic Evidence Extractor) utility to help law enforcement agencies in cyber-crime investigations.

COFEE uses digital forensic technologies to help investigators gather evidence of live computer activity at the scene of a crime, regardless of technical expertise.

Law enforcement agents with less than 10 minutes training can capture live evidence of illegal activity by inserting the COFEE USB device into a computer.

The evidence is then preserved for analysis, protecting it from being destroyed when the computer is turned off for moving.

Microsoft explains:

> A common challenge of cybercrime investigations is the need to conduct forensic analysis on a computer before it is powered down and restarted. Live evidence, such as some active system processes and network data, is volatile and may be lost while a computer is turning off. This evidence may contain information that could assist in the investigation and prosecution of a crime. With COFEE, a front-line officer doesn’t have to be a computer expert to capture this volatile information before turning off the computer on the scene for later analysis. An officer with minimal computer experience can be tutored to use a pre-configured COFEE device in less than 10 minutes. This enables him or her to take advantage of common digital forensics tools the experts use to gather important volatile evidence while doing little more than simply inserting a USB device into the computer.

Read the full announcement [microsoft.com]

0.974 High

EPSS

Percentile

99.9%

Related for THREATPOST:D587192A5DA9FB1680FF9D453F96B972