Cerberus, posted November 8, 2009:
The Microsoft tool COFEE has leaked onto the internet and it is nothing like the Switchblade!
http://www.crunchgear.com/2009/11/06/siren...r-the-internet/

Seshan, posted November 8, 2009:
Anyone get it yet? I got it. I uploaded the user guide here if anyone wants to look at it.
http://rapidshare.com/files/304266954/User..._COFEE_v112.pdf

Zimmer, posted November 9, 2009:
The HTML/XML generation imo is awesome and also I kinda like it. It is easy to set up and looks awesome and well done. I don't understand why people hate it.

Netshroud, posted November 9, 2009:
What is it? What does it do? All I can find on the net is that it's a forensics tool, and it's useless to most people.

Jen, posted November 9, 2009:
Are you sure it is clean?? Should I mirror it to rs and mu?

m1k, posted November 9, 2009:
It looks clean.. don't forget it's a M$ anyway...

Iain, posted November 9, 2009:
> It looks clean.. don't forget it's a M$ anyway...
It *could* have been "tweaked".

IOSys, posted November 9, 2009:
Very nice, a GUI app that allows noobs to create autorun for more than one program! I kinda like the hash-check :)

Jen, posted November 10, 2009:
Shame that it only works on XP right now. Can't even take information from Windows 7 without using compatibility.

m1k, posted November 10, 2009:
Now we have COFEE... the Hak5 geniuses have to add sugar! (I am Italian... never add sugar to espresso!) :)

Sud0x3, posted November 29, 2009:
Could someone point me in the right direction for a copy of COFEE! Cheers

Lord Necron, posted November 29, 2009:
> Could someone point me in the right direction for a copy of COFEE! Cheers
Try the very first link in the post.

psydT0ne, posted November 30, 2009:
"They" will be watching that torrent like hawks. I'd avoid it.

Ingo, posted November 30, 2009:
> "They"
Very doubtful; it's just a pile of M$ junk with no real value to anyone. I really didn't find anything "that" interesting in the whole thing. Then again, by staying clear of it you ain't missing anything either.

Iain, posted November 30, 2009:
I've not looked at it but, according to comments on various fora, it's not all that special and anyone with experience in dealing with PCs could probably get all the information that the package would provide. Given this brief assessment, I wonder why it was released only to LEOs? Surely by doing that, it made security professionals, pen testers etc. rub their hands and think "Wow, that must be really 'juicy'. I *must* get my hands on it."?

Ingo, posted November 30, 2009:
> I wonder why it was released only to LEOs?
Well my guess would be that M$ doesn't want to provide every "script-kiddie" out there with "hacking tools". And they really can't sell this shit for security professionals 'cause it ain't worth a damn.

Lord Necron, posted December 17, 2009:
Microsoft's not bothered about COFEE leak.

Protect yourself from COFEE with some DECAF

In response to Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources, two developers have created "Detect and Eliminate Computer Assisted Forensics" (DECAF), a counter intelligence tool designed to thwart the Microsoft forensic toolkit. DECAF monitors the computer it's running on for any signs that COFEE is operating on the machine and does everything it can to stop it.

More specifically, the program deletes COFEE's temporary files, kills its processes, erases all COFEE logs, disables USB drives, and even contaminates or spoofs a variety of MAC addresses to muddy forensic tracks. It can be told to disable almost every piece of hardware on a machine and delete pre-defined files in the background. The 181KB DECAF program even has a 'Spill the cofee' mode in which it simulates COFEE's presence to give the user an opportunity to test his or her configuration before actually using it. Source code for DECAF has not been made available, since the authors fear it will be reverse engineered, making it unclear what else the tool might be doing and whether or not it is completely safe to use.

DECAF's developers say future versions of the program will allow computer owners to remotely lock down their machine via text message and e-mail once they detect that it has fallen into law enforcement hands and even send out notifications to other parties in the case of an emergency. The plan is to make DECAF's next release more light-weight, possibly having it run in the form of a Windows service.

COFEE, a suite of 150 bundled off-the-shelf forensic tools that run from a script, was created by Microsoft to help law enforcement officials gather volatile evidence that would otherwise be lost in traditional, offline forensic analysis. Officers can run the script in the field from a USB stick, before the computer is brought back to the lab, letting them grab data from password-protected or encrypted sources. The forensics tool works best with Windows XP, but Microsoft is working on a new version of COFEE for next year that fully supports Windows Vista and Windows 7.

Microsoft first revealed the 15MB tool back in April 2008, and in April 2009, the company announced that it will aid global law enforcement in fighting cybercrime by providing COFEE free of charge to 187 countries, distributing it through Interpol. Microsoft managed to keep the existence of it quiet until November 2009, when pirates decided it was time to leak the tool so that people other than just government crime-fighters could use it. Weeks later, Microsoft started issuing takedown notices to multiple websites that hosted the tool. It's unclear whether Microsoft will react to the fact that there's now software that aims to render COFEE useless.

d4rkfe4r, posted December 17, 2009:
Lawl. Fuck Microsoft.

metatron, posted December 19, 2009:
EnCase Law/Government products are much more feature rich and are all round better products.

Seshan, posted December 19, 2009:
DECAF is a fake.