MS Evidence Extractor 'COFEE' Leaked via File-Sharing


Software designed by Microsoft to help law enforcement officers access encrypted data has been leaked onto the web and is now available to the public via file-sharing services. The software, which is illegal for unauthorized people to use or download, brings together a number of common digital forensics capabilities into an easy-to-use automated tool.

The software is known as the Computer Online Forensic Evidence Extractor (or COFEE) and allows police to easily capture important "live" computer evidence at the scene in cybercrime investigations, without special forensics expertise.

COFEE Capable of Running 150 Commands

The software allows law enforcement agencies to access details about crimes before a criminal has had a chance to wipe information from a computer drive. They can do that simply by plugging a USB device into a computer port.

It takes less than 10 minutes to train a police officer with basic computer skills to use the software, which is capable of running 150 automated commands.

Sophos: Genie is Out of the Bottle

Sophos senior technology consultant Graham Cluley says that "the genie is out of the bottle," and that "Microsoft and the computer crime authorities will be mightily upset that this was leaked onto the Internet for anyone to download via file-sharing sites."

Cluley worries about unauthorized users having access to a tool like COFEE for their own nefarious purposes. He is also concerned that cyber criminals may analyze the COFEE software and write code that identifies when someone is trying to run COFEE on their computer, intercepts it and, in effect, securely wipes incriminating data from their systems.
