Skip to main content

Microsoft COFEE device

I've been keeping up today with a story that was reported in the Seattle Times regading the Computer Online Forensic Evidence Extractor device Microsoft has made available to law enforcement agencies. So far I've read Ed Bott's response and recently The Register's response and I have to say that I think that they are overreacting at this. I'm going to go through some of the points made in The Register article below, my points are in bold.

Microsoft has reportedly developed a USB key that allows investigators to
extract forensic data from PCs.
COFEE (Computer Online Forensic Evidence
Extractor) comes in a USB key form factor, and was distributed to a small number
of law-enforcement agencies last June, the Seattle Times
reports. The device includes 150 tools that allow
investigators to extract internet history files, for example, or "decrypt

The 150 tools are simply based on the 150 commands that forensic experts must enter anyway and that normally take 4+ hours. Microsoft claim that they are simply making this stage easier.

Rather than pointing to the existence of a backdoor

There are people that have climed that this tool circumvents security such as BitLocker and exploits backdoors in the system. It doesn't! Never did, that's just anti-Microsoft propaganda. Nice to see The Register rubbishing it.

the decrypting password
feature appears to relate to password auditing tools. COFEE also allows
investigators to upload data for analysis.
The device is used by more than
2,000 officers in at least 15 countries, including Germany and the US. Microsoft
supplies the technology to law enforcement agencies without charge. The tool
reportedly allows investigators to scan for evidence on site without necessarily
having to cart PCs back to a lab.
Computer forensics is a painstaking process
carefully designed to make sure data on a suspect computer isn't changed -
simply plugging a device into a computer to extract data seems like a quick and
dirty fix. The admissibility of such data in court in debatable even before we
get into considering the possibility that the USB key might harbour

Do we honestly think that this is a revelation to the people who designed the tool or consulted on the tool? I honestly do not believe that there is a room in Redmond where someone is now thinking, "I wonder should we have asked a computer forensic professional about this stuff before we built this. The fact that the Microsoft General Counsel Brad Smith has commented about it makes me think that they've done a lot of research into the legal viability of the evidence the tool will produce. Anyway, I suspect the tool is meant to indicate the presence of evidence and produce passwords rather than actually produce the evidence. It's not designed to replace forensic experts just make their lives a bit easier.

Another, even greater concern is that the kit will get into the
hands of hackers. The form factor for COFEE would be just their cup of

To start with hackers would need to actually gain physical access to the machine they are trying to attack for this to be a real threat. Secondly do you think they don't have similar tools already? Anyone heard of Switchblade?

The extraction and analysis of digital evidence features in the
investigation of more on more crimes, not just those specific to computers such
as internet fraud and child abuse investigations. UK specialists we've spoken to
tell us they're struggling to cope with the volume of work from law enforcement
clients. There's a genuine problem here, but we're not convinced COFEE is the
Law enforcement officials from forces in 35 countries are meeting
in Redmond this week to talk about the role of technology in combating crime. A
similar event two years ago led to the development of COFEE, the Seattle Times
reports. ®

So the industry has been involved in this tool for while then?

My only problem with it is that by the time law enforcement agencies have finished testing it and ensuring it's going to work in virtually all conditions there'll be a new set of technologies out there and it'll have to be updated again anyway. Great place to start though so I say well done Microsoft. Reading the comments on Ed's blog, as well as on the Seattle Times site, though it's obvious that there are people out there that are willing to believe anything anti-Microsoft and no matter how sensationalist and obviously false the story they want to believe it.


Popular posts from this blog

A Little Time Travel Thought Experiment

During the Back to the Future (BTTF) anniversary celebrations there was a lot of talk about how accurately they represented time travel. The consensus seemed to be that travelling back and appearing at the same physical location but in a different time was how time travel would likely work. This is where I got thinking. The universe is an ever moving beast. Nothing sits still and this leads to some pretty big problems. To start with the Earth rotates on its axis every ~24 hours, so our traveller would need to arrive at approximately the same time of day in the past. He’s worked out time travel so that’s not going to be hard to do. Next, the Earth orbits the sun every ~365.25 days. This one is a little more of a problem. If our traveller is in the heat of June and has decided to travel back because he wants to see an Xmas in the past he’s got a problem. The Earth will be on the other side of the Sun. So Marty needs to travel back to roughly the same day each year? Fair enough I suppos…

Everyone Should Watch Tim Cook’s 2017 MIT Commencement Address

On June 9th 2017, Apple’s CEO Tim Cook took to the stage at MIT and addressed this years graduating class. Throughout the speech you can hear echoes to the address the late Steve Jobs gave to the Stanford class of 2005 but make no mistake this feels like it’s personal and coming from the heart and to me it was brilliant. I cannot recommend it enough. If you decide you don’t have time to listen then just take away this one line:

Measure your impact on humanity not in the likes, but the lives you touch; not in popularity, but in the people you serve. - Tim Cook 2017

Tim strikes the perfect balance between hope, caution and responsibility. Your role in this world is to find how you can best serve humanity. Don’t let the negative voices, no matter where they come from, divert you from doing what you believe to be right and don’t let yourself become one of those voices. Sticking to your values and making the world better for everyone is not easy and is not going to be easy. Embrace the ch…

WWDC 17 - XCode & Return Of IB #MassivePunt

There's no shortage of predictions and leaks around what Apple will announce at WWDC tomorrow. I'm going to add one more.

Since this is the developers conference and iPad seems to be getting a renewed focus I'm going to predict/hope for XCode on iOS. I don't expect something that's as powerful as the Mac version but I'm thinking a Swift code editor and potentially the return of Interface Builder. Being able to lay UI elements out on an actual iPhone and iPad screen would be fantastic. Checkout your code onto iPad, do some changes and submit it to your CI workflow for building etc would be very powerful.