Software Microsoft Security

Microsoft COFEE Leaked 171

54mc writes "Crunchgear reports that Microsoft's long-searched-for forensics tool, COFEE, has been leaked. The tool started on a small, private tracker, but has since worked its way to The Pirate Bay. Not all those who have gotten hold of it are enthused, and reviews have ranged from 'disappointing' to 'useless.' From the article: 'You have absolutely no use for the program. It's not something like Photoshop or Final Cut Pro, an expensive application that you download for the hell of it on the off-chance you need to put Dave Meltzer's face on Brett Hart's body as part of a message board thread. No, COFEE is 100 percent useless to you.'"
This discussion has been archived. No new comments can be posted.

  • by smallfries ( 601545 ) on Sunday November 08, 2009 @10:08AM (#30021324) Homepage

    It's a bit short-sighted to say that nobody does. I'm sure there are lots of people out there with material on their machines that they wouldn't want a law enforcement officer to find. This tool would be perfect for their needs.

  • by nurb432 ( 527695 ) on Sunday November 08, 2009 @10:16AM (#30021374) Homepage Journal

    So, don't run Windows, encrypt your drive with hidden partitions and turn the thing off when the cops arrive.

  • by Anonymous Coward on Sunday November 08, 2009 @10:16AM (#30021384)

    From the description on the link site, which I think was quoting MS about what does an untrained beat cop do when they find digital evidence? Step back, don't touch it, and call in the law-enforcement folks who are trained and won't destroy the evidence.

    It's hard enough to get a jury to understand evidence pulled off of a computer - these folks see viruses or similar on their own machines that "just magically appears" so surely the defense's argument that the kiddie porn just magically appeared on his client's machine is completely possible. Having the defense say, "Mr. Officer, you admit to having no background in computer forensics, and you admit to not knowing what the program does. You admit to clicking on the talking paperclip when it said, 'I see you are trying to bust a felon. Would you like me to help you?' but have no idea what then happened? Your honor, I move that the case be dismissed because the so-called evidence has obviously not followed the proper evidentiary chain."

    I'm posting anon because I've gone through the proper training at places like FLETC [fletc.gov] and it's something they drill into us, time and time again. If you're not sure you're qualified to handle investigating the content on the computer, don't touch it. Get someone who is qualified.

  • Bloody DUH (Score:5, Insightful)

    by Shoten ( 260439 ) on Sunday November 08, 2009 @10:42AM (#30021628)

    Well, of course it's useless to most of them...but that has nothing to do with whether or not COFEE is any good. Let's face it; how many casual downloaders are going to need a forensics toolkit? They already have access to all of their own files, and already know what they've been doing with their system. And COFEE is not meant to be a "point and shoot" system; it's really meant for professionals that know what they're looking for to some degree. So getting a copy and using it doesn't instantly give you some insight into how computer forensics work.

  • by ledow ( 319597 ) on Sunday November 08, 2009 @10:55AM (#30021740) Homepage

    I would think even mere insertion of a USB device into a computer could lead to all sorts of problems - what if that USB key had a virus that transferred itself to the PC and then deleted itself from the USB device? The fact that this is a bog-standard set of files means that someone has to put these programs onto a writable USB drive (it's possible it's write-once but I would be dubious of that actually being the case) and then plug it into a computer - exactly the action that companies block by default because of the potential for rogue programs to be introduced and destroy/modify data.

    Want to put someone in jail? Put something illegal on that USB drive, plug it into their computer with an autorun script that copies itself over and then deletes itself (and the script) from the USB drive. Then claim that it was a *different* drive you put in and submit a "clean" drive as evidence if they demand to see it.

    Not to mention that actually doing *anything* on the original PC is damn stupid anyway but relying on a USB stick to run it? That's got to be asking for trouble. Oh, and disable USB and you've just stopped that attack.

    I was always told that *anything* capable of writing to the drive or modifying the data you're trying to access was a no-no... that's why they image the drives through special "read-only" adaptors (apparently harder with SATA nowadays) and then analyse the image. Saving transient information onto a writable USB stick by execution of a program from that stick? Sounds like a recipe for disaster. That's gotta touch your swap or do something to memory in order to execute and proving that happened cleanly and provided a complete accurate copy of the contents of RAM/disk/swap before you plugged it in is probably impossible.

  • by pla ( 258480 ) on Sunday November 08, 2009 @11:03AM (#30021806) Journal

    > It's a bit short-sighted to say that nobody does. I'm sure there are lots of people out there with material on their machines that they wouldn't want a law enforcement officer to find. This tool would be perfect for their needs.

    As a fan of maximizing my privacy, I would find such a tool useful just for auditing the effectiveness of my standard cleanup procedures.

    You don't need to break the law to have an interest in others not seeing what you do with your computer. Whether making sure you haven't left personal financial information unencrypted on your machine, or have accidentally clicked "yes" to have your browser remember your passwords, or simply your taste in porn stars... All legal, yet things you probably would rather not leave lying around for anyone other than yourself.

    Now, aside from that, don't forget that police exist to help prosecute cases, not to protect us or find the guilty party or any fluffy BS like that. Once they have you in their sights, the less they can dig up, the better. "Good news - Your alibi checked out, you didn't kill that girl. Bad news - Your computer proves that you played poker online once last year, enjoy your 2+ year federal sentence".

    And hey, who better to know where Windows leaks information than Microsoft itself? Not that I would trust them as my sole source of privacy maintenance, but as I said, for auditing "best practices", such a tool would appear fairly useful.
  • by Baron_Yam ( 643147 ) on Sunday November 08, 2009 @11:07AM (#30021846)

    Most warrants are specific... not that I'd want to defend myself on that basis, but I'm sure a good lawyer could help you if you were investigated for child porn and the only thing they find is some evidence of Internet gambling.

    On the other hand, I'd stop the Internet gambling right away, because you know they'd be looking for a way to justify getting you for that having 'lost' the child porn case.

  • Ummm.... well.... (Score:5, Insightful)

    by Le Marteau ( 206396 ) on Sunday November 08, 2009 @11:13AM (#30021894) Journal

    > No, COFEE is 100 percent useless to you.'"

    Yes, and the software that runs voting machines is "useless to us", too.

    I think the submitter is missing the point. This (probably) closed-source tool by Microsoft (that bears repeating... by MICROSOFT) is going to be used by law enforcement to help throw people in jail. If for no 'practical' use, now that COFEE is leaked, people will be able to reverse-engineer it and see exactly what it is doing, and how. That is a good thing.

  • by Anonymous Coward on Sunday November 08, 2009 @11:22AM (#30021974)

    I agree. Using the software may not prove useful, but studying the software to see how it works might be. It is said the software can decrypt passwords and access otherwise inaccessible files. If true, that would be a major security hole that black hats could exploit, so the public has the right to know what exactly COFEE does, how it works, and how to defend their systems from it and similar software.

  • by Angostura ( 703910 ) on Sunday November 08, 2009 @11:45AM (#30022182)

    If only you'd bothered to write that in the summary, rather than the clever-clever "You don't need this" shenanigans. Half these initial posts could have been avoided.

  • by supersat ( 639745 ) on Sunday November 08, 2009 @12:35PM (#30022662)
    There's no viruses or nasties for it because NOTHING RUNS ON IT. ;)
  • by Anonymous Coward on Sunday November 08, 2009 @01:11PM (#30023054)

    Once again, slashdotters seem to think that because something involves a computer it's a new concept, rather than one that has been around since the beginning of civilization.

    How is that ANY different than any other case where someone given the task of investigating a crime decides to set up a frame instead? It's not. Planting files on someone's hard drive is exactly like planting fingerprints. Or before fingerprints, planting a gun. Or before guns, planting a weapon with blood on it.

    Please stop thinking that this is some new problem that you're solving, or that society is going to shut down because this is an unsolvable problem (which it is to an extent, and always has been since humans first stood upright).

  • Re:But (Score:5, Insightful)

    by hansraj ( 458504 ) on Sunday November 08, 2009 @01:45PM (#30023398)

    > Really... why should we have to look up something stated in the summary as "100% useless to us"? Thanks fuck head!

    Because:
    1) You are wondering what is the damn thing in the first place (like OP did), and
    2) You want to make your own opinion.

    No one is forcing you to read through the wikipedia entry. I hope, for the sake of people around you, that you don't flip out as easily in real life.

  • Re:But (Score:5, Insightful)

    by edumacator ( 910819 ) on Sunday November 08, 2009 @02:31PM (#30023834)

    Responsible Mods needed...

    Come on...this guy responds to someone, who calls him a fuck head for providing a link to information connected to the post, in a calm and measured way, and somehow he gets modded flamebait?

    If that doesn't get fixed, I've lost the last little bit of trust I have in the /. mod system.
