mubix

Posts posted by mubix

  1. http://seattletimes.nwsource.com/html/micr..._msftlaw29.html

    Microsoft device helps police pluck evidence from cyberscene of crime

    By Benjamin J. Romano

    Seattle Times technology reporter

    Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

    The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

    The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

    It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

    More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

    "These are things that we invest substantial resources in, but not from the perspective of selling to make money," Smith said in an interview. "We're doing this to help ensure that the Internet stays safe."

    Law-enforcement officials from agencies in 35 countries are in Redmond this week to talk about how technology can help fight crime. Microsoft held a similar event in 2006. Discussions there led to the creation of COFEE.

    Smith compared the Internet of today to London and other Industrial Revolution cities in the early 1800s. As people flocked from small communities where everyone knew each other, an anonymity emerged in the cities and a rise in crime followed.

    The social aspects of Web 2.0 are like "new digital cities," Smith said. Publishers, interested in creating huge audiences to sell advertising, let people participate anonymously.

    That's allowing "criminals to infiltrate the community, become part of the conversation and persuade people to part with personal information," Smith said.

    Children are particularly at risk to anonymous predators or those with false identities. "Criminals seek to win a child's confidence in cyberspace and meet in real space," Smith cautioned.

    Expertise and technology like COFEE are needed to investigate cybercrime, and, increasingly, real-world crimes.

    "So many of our crimes today, just as our lives, involve the Internet and other digital evidence," said Lisa Johnson, who heads the Special Assault Unit in the King County Prosecuting Attorney's Office.

    A suspect's online activities can corroborate a crime or dispel an alibi, she said.

    The 35 individual law-enforcement agencies in King County, for example, don't have the resources to investigate the explosion of digital evidence they seize, said Johnson, who attended the conference.

    "They might even choose not to seize it because they don't know what to do with it," she said. "... We've kind of equated it to asking specific law-enforcement agencies to do their own DNA analysis. You can't possibly do that."

    Johnson said the prosecutor's office, the Washington Attorney General's Office and Microsoft are working on a proposal to the Legislature to fund computer forensic crime labs.

    Microsoft also got credit for other public-private partnerships around law enforcement.

    Jean-Michel Louboutin, Interpol's executive director of police services, said only 10 of 50 African countries have dedicated cybercrime investigative units.

    "The digital divide is no exaggeration," he told the conference. "Even in countries with dedicated cybercrime units, expertise is often too scarce."

    He credited Microsoft for helping Interpol develop training materials and international databases used to prevent child abuse.

    Smith acknowledged Microsoft's efforts are not purely altruistic. It benefits from selling collaboration software and other technology to law-enforcement agencies, just like everybody else, he said.

    Benjamin J. Romano: 206-464-2149 or bromano@seattletimes.com

    Copyright © 2008 The Seattle Times Company

  2. Come meet the faces behind the microphones, cameras and mixers at the second annual Podcaster’s Meetup hosted at ShmooCon ‘08. Swag, contests, and a live broadcast. Among the famous and not so famous will be SploitCast, Pauldotcom, Hak.5 and Secthis along with many more of your favorite shows and hosts. It’s on Friday the 15th after the talks are done and dusted. For further updates and information check out PodcastersMeetup.com

  3. So it to stop ppl hacking you.

    Not so much hacking you as sniffing you for personal information. Personal information is not only useful to the hacker, it is useful to the social engineer. You might think something as simple as your instant messenger name is unimportant knowledge, but at conferences such as these, all the data that is pumped over the conference wire is published to the public. So, after the conference, I could download that data, and target you by filtering through for your messenger name, they can find and possibly decrypt your password.

    I can go into much more detail, but then again, a magician never reveals the whole trick.

  4. Wow, that podcastready thing is a heap!!! Thanks for the suggestion though, but that program is terrible! Miro seems to be WAY too bulky to just have a simple program that will download files for me via RSS... Plus, I'm not even sure it does that...

    Sorry mate, when I used podcastready it was awesome, just run it when you go to bed, it remembers what you listen to and deletes it automagically.

  5. I forget what it's called but it's something like mypodder or podcastready, you can google either and find it I'm sure, but that would be my suggestion for a non-iTunes rss feed downloader.

    Now, if you want something more robust, try Miro.

  6. Metatron, you might miss your chance to win an eee-pc if you don't show up.

    I had one and didn't like it at all. It serves no useful purpose in my life, I've talked about my reasons in other threads. If I wanted another one, which I might when they come with better screens and wimax, I'll buy one myself or get one for free from somewhere.

    I really only talk to people I respect at some level, I try to avoid scene whores. 

    I'm sorry I said anything...

  7. @echo off

    truecrypt /q /v mubix.pst /lo /b

    o:pstart.exe

    This is in my go.cmd on my hacked U3 drive. The /lo mounts to the O drive (usually not taken), /q is quiet /v

    I've posted a list of command line switches

  8. Well there already have been a few "breakout" trojans that sense being in a VM and exploit the bridging/natting implementation. But then again, they have to have elevated access on the box first. Unlikely but not impossible. Best practice is to keep vigilant on your patches and firewall/ids/ips logs.

    Oh and your comfy blanket of being on a commercial ISP. I have seen scan reports showing higher amounts of scans on commercial ISPs than on US DoD IPs.

  9. You are only vulnerable on ports that you make public, IP (TCP/UDP), and the services that you run on them. Lock down that public facing server, put your internal only VMs to attach to your internal interface on the server and you should be good. If you are running only one interface you could be looking at problems. A quick net diagram would be awesome, and you can skew it a bit.

  10. This is a great idea.

    Are there any rules of what the banners have to look like, link to, etc.. ?

    I'll update this post when I have a banner available.

    TheSPY

    The only rule is we have the final say, if it's not something that you would put up on a web site, we won't. But no, not many rules.

  11. We are currently under construction on the new Hak.5 Radio website. Now all we need is the last touch. Our header area is a bit boring and we decided that banner ads would work perfectly right there. Now since we are all about 'Sticking it to the Man' we have come up with the following:

    On Hak.5 Radio's new web site we are going to have rotating banner ads. Now these aren't your usual banner ads, since Hak.5 Radio is 'For the community, by the community' they will be YOUR banner ads, so get out your copy of photoshop or GIMP and whip up a banner at 600x80 and post it in here with a link of your choice to put behind the banner. When the site goes live, you'll be linked from the one and only community-driven radio station's website on the net!

  12. I sincerely hope the people enjoy and use Hak.5 Radio as just one more of the community outlets that Hak.5 has... I guess "grown" would be the appropriate word. Have fun you guys, and police your own.
