Last Summer, Microsoft Corporation quietly introduced a powerful tool for getting past security on laptops and PCs running the Windows operations system (which about 90 percent do). The device is a USB thumb drive called COFEE (Computer Online Forensic Evidence Extractor). When you capture an enemy computer, you plug in COFEE and then use over a hundred software to quickly get whatever information is on the machine. COFEE can quickly reveal passwords, decrypt files, reveal recent Internet activity and much more. A lot of this can be done without COFEE, but with the Microsoft device, intelligence collection is a lot faster.
Microsoft has distributed thousands of COFEE devices to police and military intelligence personnel in the United States, and some foreign countries. COFEE was developed mainly to assist the investigation of Internet based crime. But military intelligence operators find it very useful in uncovering enemy plans.
COFEE is a USB drive that allows law enforcement to run more than 150 commands on a live computer system and save the results on the portable drive for later analysis. This preserves valuable information that could be lost if the computer had to be shut down and transported to a lab--files that are stored in active memory would otherwise be lost, for example.
COFEE was developed in 2006 by Ricci Ieong and Anthony Fung, both members of the High Tech Crime Investigators Associate's (HTCIA) Asia South Pacific Chapter. Fung now works for Microsoft's Internet Safety Enforcement team in Hong Kong and used to be on the police force there. Ieong is founder and principal consultant for eWalker Consulting.
COFEE consists of plain text scripts; the data collected from these scripts is routed to a provided USB drive. Although intended for use with a command line, there is also an option for GUI. Raw text captures generate either SH1 or md5 checksums. The results for an acquisition are then presented in either plain text or HTML. Each operation produces its own log file to help investigators.
Although Microsoft would not confirm any specific tools included within COFEE, it did say that all the tools were publicly available. A quick search by CNET revealed several free Windows-based digital forensic tool kits available for download. These include:
Several news reports have suggested that Microsoft is also providing law enforcement with new tools to defeat BitLocker in Windows Vista or access to a secret back door within Windows. A Microsoft spokesperson denied this, saying, "COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means." Microsoft also stressed that COFEE is still in beta.
"The key to COFEE is not new forensic tools," said Tim Cranton, associate general counsel for Microsoft, "but rather the creation of an easy to use, automated forensic tool at the scene. It's the ease of use, speed, and consistency of evidence extraction that is key."
More than 2,000 officials are using it worldwide, according to Microsoft.
Q&A with Tim Cranton, Associate General COunsel for Microsoft at the Law Enforcement Technology 2008 conference: Microsoft Calls on Global Public-Private Partnerships to Help in the Fight Against CybercrimeMedia Exploitation:
Low Level:
Blackbird Data Surveyor/Scavenger
ADF Triage-G2EnCase PortableHigh Level:
Digital Intelligence FRED-LHigh Tech Crime Institute EDAS FOX
What kind of people are suicide bombers? How do they justify their actions? In this meticulously researched and sensitively written book, journalist Christoph Reuter argues that popular views of these young men and women--as crazed fanatics or brainwashed automatons--fall short of the mark. In many cases these modern-day martyrs are well-educated young adults who turn themselves into human bombs willingly and eagerly--to exact revenge on a more powerful enemy, perceived as both unjust and oppressive. Suicide assassins are determined to make a difference, for once in their lives, no matter what the cost. As Reuter's many interviews with would-be martyrs, their trainers, friends, and relatives reveal, the bombers are motivated more by how they expect to be remembered--as heroic figures--than by religion-infused visions of a blissful life to come.