Tim Cranton demonstrates the COFEE device for Interpol executive Jean-Michel Louboutin.
If you thought the security features developed by Microsoft were intended to keep your private data private in the face of adversity, think again: according to a report in the Seattle Times
the software giant is offering investigatory agencies a device capable of bypassing pretty much every security measure currently built into its Windows operating system.
The COFEE – a somewhat laboured acronym for Computer Online Forensic Evidence Extractor
– is a USB mass-storage device which started trials at law enforcement agencies across the US last June. Containing a toolkit of approximately a hundred and fifty commands, the software included on the drive is capable of decrypting passwords, copying the Internet history log, and accessing files owned by any user on the computer.
Microsoft general counsel Brad Smith has described the unit, which the company is offering free of charge to verified law enforcement officers, as something the company invests “substantial resources in, but not from the perspective of selling to make money. We're doing this to help ensure that the Internet stays safe.
The article goes on to mention that the COFEE device “eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power, and potentially losing data. Instead, the investigator can scan for evidence on site.
” What isn't mentioned in the article, however, is whether the evidence gathered by the toolkit is actually suitable
for law enforcement purposes.
When a computer is seized by an investigating team, the first thing that happens is the hard drive is cloned – usually using a special device which is incapable of writing to the source drive. This keeps the chain of evidence clean, and prevents any claims of tampering being entertained should the case reach a courtroom. A device which requires you to make modifications to a suspicious system before you have a clean copy of the data
seems like a potential mistrial to me.
But, what do I know? Clearly, Microsoft thinks its on to a winner with the law enforcement crowd – and if they're using the gratis
COFEE, then selling the cops additional software isn't such a hard task. Not that I'm cynical or anything.
Anyone here suddenly feel the need to start using TrueCrypt
, or is anything which helps bring digital criminals to justice a laudable project? Share your thoughts over in the forums