[Merged] Microsoft Officially steals the Switchblade

[mubix]

http://seattletimes.nwsource.com/html/micr..._msftlaw29.html

Microsoft device helps police pluck evidence from cyberscene of crime

By Benjamin J. Romano

Seattle Times technology reporter

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

"These are things that we invest substantial resources in, but not from the perspective of selling to make money," Smith said in an interview. "We're doing this to help ensure that the Internet stays safe."

Law-enforcement officials from agencies in 35 countries are in Redmond this week to talk about how technology can help fight crime. Microsoft held a similar event in 2006. Discussions there led to the creation of COFEE.

Smith compared the Internet of today to London and other Industrial Revolution cities in the early 1800s. As people flocked from small communities where everyone knew each other, an anonymity emerged in the cities and a rise in crime followed.

The social aspects of Web 2.0 are like "new digital cities," Smith said. Publishers, interested in creating huge audiences to sell advertising, let people participate anonymously.

That's allowing "criminals to infiltrate the community, become part of the conversation and persuade people to part with personal information," Smith said.

Children are particularly at risk to anonymous predators or those with false identities. "Criminals seek to win a child's confidence in cyberspace and meet in real space," Smith cautioned.

Expertise and technology like COFEE are needed to investigate cybercrime, and, increasingly, real-world crimes.

"So many of our crimes today, just as our lives, involve the Internet and other digital evidence," said Lisa Johnson, who heads the Special Assault Unit in the King County Prosecuting Attorney's Office.

A suspect's online activities can corroborate a crime or dispel an alibi, she said.

The 35 individual law-enforcement agencies in King County, for example, don't have the resources to investigate the explosion of digital evidence they seize, said Johnson, who attended the conference.

"They might even choose not to seize it because they don't know what to do with it," she said. "... We've kind of equated it to asking specific law-enforcement agencies to do their own DNA analysis. You can't possibly do that."

Johnson said the prosecutor's office, the Washington Attorney General's Office and Microsoft are working on a proposal to the Legislature to fund computer forensic crime labs.

Microsoft also got credit for other public-private partnerships around law enforcement.

Jean-Michel Louboutin, Interpol's executive director of police services, said only 10 of 50 African countries have dedicated cybercrime investigative units.

"The digital divide is no exaggeration," he told the conference. "Even in countries with dedicated cybercrime units, expertise is often too scarce."

He credited Microsoft for helping Interpol develop training materials and international databases used to prevent child abuse.

Smith acknowledged Microsoft's efforts are not purely altruistic. It benefits from selling collaboration software and other technology to law-enforcement agencies, just like everybody else, he said.

Benjamin J. Romano: 206-464-2149 or bromano@seattletimes.com

Copyright © 2008 The Seattle Times Company

[SomeoneE1se]

meh, it says nothing about autorunning the programs, just that it's on a thumbdrive I don't think that makes it a switchblade

[mubix]

true, it doesn't, you've me there

[SomeoneE1se]

not to say microsoft wont take credit, but then it only exploits their systems so maybe they dont want the credit for that one.

[sablefoxx]

Wow, WTF!

"Computer Online Forensic Evidence Extractor" is such a lame ass name too!

Prbly some dumbed down program that just copies files too.

OMG, I Hax'd thier source code:

echo Extracting Computer Online Evidence...
xcopy /c /e /q /y "C:" ".Illegally_Obtained_Evidence"
msg * "All done, eat some donuts to celebrate"
exit

[VaKo]

Anyone know how to get a copy of it?

[Xqtftqx]

Lol, microsft....

[nicatronTg]

Removed, see below.

[SomeoneE1se]

COFEE? Let me guess:

Don't

Open

Notoriously

Unused

Trash

Systems when using COFEE.

huh?

[Joerg]

How about obtaining a copy and looking for interfaces the programs are using?

[nicatronTg]

COFEE? Let me guess:

Don't

Open

Notoriously

Unused

Trash

Systems when using COFEE.

huh?

my lame attempt at a donut joke.... just ignore it.

[sablefoxx]

COFEE? Let me guess:

Don't

Open

Notoriously

Unused

Trash

Systems when using COFEE.

You see when you take the first letter of each line, you get 'Donuts' and the name of M$'s switchblade is COFEE similar to Coffee a warm drink often ingested along side donuts by fat police officers or 'Pigs' who are the ones using the 'COFEE' to obtain files from criminals computers.  Hence from the text above we derive 'Coffee and Donuts'.

[SomeoneE1se]

..yeah I got that part, but the acronym doesn't make sense.  And has nothing to do with cofee, of what had he spent a little time could have been a great joke.

[K1u]

COFEE? Let me guess:

Don't

Open

Notoriously

Unused

Trash

Systems when using COFEE.

NICE!

Haha!

[nicatronTg]

..yeah I got that part, but the acronym doesn't make sense.  And has nothing to do with cofee, of what had he spent a little time could have been a great joke.

I said it was a lame joke to be ignored. Ah well, time for the grand edit.

[SomeoneE1se]

..yeah I got that part, but the acronym doesn't make sense.  And has nothing to do with cofee, of what had he spent a little time could have been a great joke.

I said it was a lame joke to be ignored. Ah well, time for the grand edit.

I would have but the conversation continued, also editing after someone has quoted you serves no point, also,

Anyone know how to get a copy of it?

[uber_tom]

COFEE? Let me guess:

Don't

Open

Notoriously

Unused

Trash

Systems when using COFEE.

You see when you take the first letter of each line, you get 'Donuts' and the name of M$'s switchblade is COFEE similar to Coffee a warm drink often ingested along side donuts by fat police officers or 'Pigs' who are the ones using the 'COFEE' to obtain files from criminals computers.  Hence from the text above we derive 'Coffee and Donuts'.

My god thats the best thing i ever read. i really did lol.. lol alot.. yes i did

[SmoothCriminal]

http://seattletimes.nwsource.com/html/micr..._msftlaw29.html

I know the switchblade isn't exactly the most welcomed topic these days, but from this article it certainly sounds like Microsoft copied a switchblade, slapped a MS logo on it, and gave it to law enforcement. Thoughts?

[gonffen]

Personally I think it's rather hilarious.

But I don't think the switchblade itself would be all that useful to law enforcement officials.  On the other hand the theory that makes it run is probably what makes Microsoft's new toy work.  But honestly who cares, they aren't making any money off the deal.

[SmoothCriminal]

Personally I think it's rather hilarious.

But I don't think the switchblade itself would be all that useful to law enforcement officials.  On the other hand the theory that makes it run is probably what makes Microsoft's new toy work.  But honestly who cares, they aren't making any money off the deal.

Read the end of the article again.  Although the thumb drives are free, the software that goes with it costs money...

[SmoothCriminal]

Lol, I feel like a complete dumbass.  I never venture into the USB Hacks section anymore (or Pandora Timeshifting), so I never saw this article.  When I noticed my topic was gone from everything else, I thought that someone probably moved it here, and then I saw this.  Well, anyway I feel dumb, but MS defenitly should give Hak5 some money for this one.

[SomeoneE1se]

but MS defenitly should give Hak5 some money for this one.

care to explain that one?

[SmoothCriminal]

No

I was joking, but it does kind of sound like they ripped off the switchblade (having never seen the thing).

[USBHacker]

I wanna see the thing (Lol)

[X3N]

anyone have any information on this ?