Microsoft Device Extracts Forensic Data

Dennis Faas's picture

Microsoft has reportedly developed a small plug-in device that can be used by investigators to quickly extract forensic data from computers that may have been used in crimes.

The Computer Online Forensic Evidence Extractor (COFEE) is a USB "thumb drive" that Microsoft quietly distributed to a handful of law-enforcement agencies last June.

The COFEE device contains 150 commands that dramatically cut the time it takes to gather digital evidence. It can decrypt passwords and analyze a computer's Internet activity and data stored in the computer.

COFEE lets the investigator scan for evidence on site, eliminating the necessity for physically seizing the computer and potentially losing data once it's disconnected from the network and powered down.

Microsoft provides the device for free to help insure that the Internet stays safe. More than 2,000 officers in 15 countries, including Poland, the Phillipines, Germany, New Zealand and the United States are using the device.

Law-enforcement officials representing 35 countries are in Redmond this week to talk about how technology can help fight crime. A similar event held by Microsoft in 2006 led to the creation of COFEE.

COFEE was reportedly developed by a former Hong Kong cop who currently works for Microsoft. Microsoft also operates a law enforcement portal where officials can get free technical support. The company has trained more than 6,000 officers from more than 110 countries and does regular training with state officials and organizations such as the International Center for Missing and Exploited Children.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
Average: 4 (1 vote)