{"id":1325,"date":"2009-10-17T13:29:13","date_gmt":"2009-10-17T17:29:13","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=1325"},"modified":"2022-12-30T12:19:27","modified_gmt":"2022-12-30T17:19:27","slug":"microsoft-serves-cofee-to-cops","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/microsoft-serves-cofee-to-cops\/","title":{"rendered":"Microsoft Serves COFEE to Cops"},"content":{"rendered":"<p><a href=\"https:\/\/web.archive.org\/web\/20180111032336\/https:\/\/www.engineering.com\/Blogs\/tabid\/3207\/ArticleID\/7391\/Persistent-Security-Threats-Push-Organizations-to-Continuous-Vulnerability-Monitoring.aspx\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-110959 size-thumbnail\" title=\"Microsoft Serves COFEE to Cops\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-4.jpg?resize=75%2C64&#038;ssl=1\" alt=\"Microsoft Serves COFEE to Cops\" width=\"75\" height=\"64\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-4.jpg?resize=75%2C64&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-4.jpg?resize=150%2C127&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-4.jpg?w=333&amp;ssl=1 333w\" sizes=\"auto, (max-width: 75px) 100vw, 75px\" \/><\/a>According to an <a href=\"https:\/\/web.archive.org\/web\/20110202003523\/http:\/\/blog.seattlepi.com\/microsoft\/archives\/181948.asp\" target=\"_blank\" rel=\"noopener noreferrer\">article<\/a> on the <a href=\"https:\/\/www.seattlepi.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Seattle Post Intelligencer<\/em> website<\/a>, <a href=\"http:\/\/www.microsoft.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft<\/a> has teamed up with the National White Collar Crime Center (<a href=\"http:\/\/www.nw3c.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">NW3C<\/a>) to distribute a computer forensics tool to U.S. police for free.<\/p>\n<p>The Computer Online Forensic Evidence Extractor (<a href=\"https:\/\/web.archive.org\/web\/20161229165227\/https:\/\/cofee.nw3c.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">COFEE<\/a>) makes it easy for any officer, not just digital forensics specialists, to record the current processes of a suspect&#8217;s computer. An officer can plug in a COFEE-formatted USB thumb drive, run COFEE, and download data that would have been lost if the computer were turned off for transit to the police station according to the article.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-110961\" title=\"Microsoft logo\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/microsoft_logo_old-6.jpg?resize=120%2C20&#038;ssl=1\" alt=\"Microsoft logo\" width=\"120\" height=\"20\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/microsoft_logo_old-6.jpg?resize=150%2C25&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/microsoft_logo_old-6.jpg?resize=75%2C12&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/microsoft_logo_old-6.jpg?w=500&amp;ssl=1 500w\" sizes=\"auto, (max-width: 120px) 100vw, 120px\" \/><\/a>COFEE can be used to identify parts of a computer&#8217;s hard drive that a criminal might use for identity theft, online fraud, child pornography or other crimes. It can speed up the forensics process when a computer-crime specialist takes over the investigation. COFEE\u00a0 requires Windows XP for configuration and works best at downloading data from machines running XP or earlier. However, it does have some Windows Vista support. Microsoft plans to release a new version of COFEE next year that fully supports Vista and Windows 7, a spokesperson said.<\/p>\n<p>&#8220;<em>It&#8217;s a rather straightforward tool and it uses a lot of off-the-shelf technology already,<\/em>&#8221; said Richard Boscovich, a senior attorney for Microsoft&#8217;s World Wide Internet Security Program. &#8220;<em>That&#8217;s the beauty of the tool \u2013 that you don&#8217;t need that forensics expert at the scene.<\/em>&#8221; Michael Merritt, assistant director of the U.S. Secret Service told an audience at Microsoft&#8217;s Digital Crime Consortium, &#8220;<em>The difference now with technology is that many companies like yours house valuable information\u00a0 &#8230; And that now has become the target of many criminals.<\/em>&#8221;<\/p>\n<p>Boscovich said Microsoft is offering the tool for free because it helps police cut down on the larger problem of high-tech crime. Microsoft software, because of its ubiquity, is usually considered the most at-risk for digital attacks.<\/p>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft &#038; NW3C to offer COFEE a computer-forensics tool to police for free. so any officer can record the current processes of a suspect&#8217;s computer.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3216,83,82,4],"class_list":["post-1325","post","type-post","status-publish","format-standard","hentry","category-security","tag-3216","tag-forensics","tag-microsoft","tag-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/1325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=1325"}],"version-history":[{"count":6,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/1325\/revisions"}],"predecessor-version":[{"id":131518,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/1325\/revisions\/131518"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=1325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=1325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=1325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}