COFEE Leaked

[Cerberus]

The Microsoft tool COFEE has leaked onto the internet and it is nothing like the Switchblade!

http://www.crunchgear.com/2009/11/06/siren...r-the-internet/

[Seshan]

Anyone get it yet?

I got it.

I uploaded the user guide here if anyone wants to look at it.

http://rapidshare.com/files/304266954/User..._COFEE_v112.pdf

[Zimmer]

The html/xml generation imo is awesome and also I kinda like it, it is easy to set up and looks awesome and well done, I don't understand why people hate it

[Netshroud]

What is it? What does it do? All I can find on the net is that it's a forensics tool, and it's useless to most people.

[Jen]

Are you sure it is clean?? Should I mirror it to rs and mu?

[m1k]

It looks clean..

don't forget it's a M$ anyway...

[Iain]

It looks clean..

don't forget it's a M$ anyway...

It *could* have been "tweaked".

[IOSys]

Very nice, a GUI-app that allows noobs to create autorun for more than one program !

I kinda like the hash-check :)

[Jen]

Shame that it only works on xp right now. Can't even take information from window 7 without using compatibility.

[m1k]

Now we have cofee...hak5 genious have to add sugar!

(I am italian...never add sugar to espresso!)

:)

[Sud0x3]

Could someone point me in the right direction for a copy of coffe! Cheers

[Lord Necron]

Could someone point me in the right direction for a copy of coffe! Cheers

Try the very first link in the post.

[psydT0ne]

"They" will be watching that torrent like hawks.

i'd avoid it.

[Ingo]

"They"

Very doubtful it's just pile of M$ junk with no real value to anyone. I really didn't find anything "that" interesting from the whole thing.

Then again by staying clear of it you ain't missing anything either.

[Iain]

I've not looked at it but, according to comments on various fora, it's not all that special and anyone with experience in dealing with PCs could probably get all the information that the package would provide.

Given this brief assessment, I wonder why it was released only to LEOs? Surely by doing that, it made security professionals, pen testers etc. rub their hands and think "Wow, that must be really "juicy". I *must* get my hands on it."?

[Ingo]

I wonder why it was released only to LEOs?

Well my guess would be that M$ doesn't want to provide every "script-kiddie" out there with "hacking tools".

And they really can't sell this shit for security professionals 'cause it ain't worth a damn.

[Lord Necron]

Microsoft's not bothered about COFEE leak.

Protect yourself from COFEE with some DECAF

In response to Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources, two developers have created "Detect and Eliminate Computer Assisted Forensics" (DECAF), a counter intelligence tool designed to thwart the Microsoft forensic toolkit. DECAF monitors the computer it's running on for any signs that COFEE is operating on the machine and does everything it can to stop it.

More specifically, the program deletes COFEE's temporary files, kills its processes, erases all COFEE logs, disables USB drives, and even contaminates or spoofs a variety of MAC addresses to muddy forensic tracks. It can be told to disable almost every piece of hardware on a machine and delete pre-defined files in the background. The 181KB DECAF program even has a 'Spill the cofee' mode in which it simulates COFEE's presence to give the user an opportunity to test his or her configuration before actually using it. Source code for DECAF has not been made available, since the authors fear it will be reverse engineered, making it unclear what else the tool might be doing and whether or not it is completely safe to use.

DECAF's developers say future versions of the program will allow computer owners to remotely lock down their machine via text message and e-mail once they detect that it has fallen into law enforcement hands and even send out notifications to other parties in the case of an emergency. The plan is to make DECAF's next release more light-weight, possibly having it run in the form of a Windows service.

COFEE, a suite of 150 bundled off-the-shelf forensic tools that run from a script, was created by Microsoft to help law enforcement officials gather volatile evidence that would otherwise be lost in traditional, offline forensic analysis. Officers can run the script in the field from a USB stick, before the computer is brought back to the lab, letting them grab data from password-protected or encrypted sources. The forensics tool works best with Windows XP, but Microsoft is working on a new version of COFEE for next year that fully supports Windows Vista and Windows 7.

Microsoft first revealed the 15MB tool back in April 2008, and in April 2009, the company announced that it will aid global law enforcement in fighting cybercrime by providing COFEE free of charge to 187 countries, distributing it through Interpol. Microsoft managed to keep the existence of it quiet until November 2009, when pirates decided it was time to leak the tool so that people other than just government crime-fighters could use it. Weeks later, Microsoft started issuing takedown notices to multiple websites that hosted the tool. It's unclear whether Microsoft will react to the fact that there's now software that aims to render COFEE useless.

[d4rkfe4r]

Lawl. Fuck Microsoft.

[metatron]

EnCase Law/Government products are much more feature rich and are all round better products.

[Seshan]

DECAF is a fake.