Microsoft's new product goes against crime: Meet (Hot) COFEE

Posted by Theo Valich

Redmond (WA) - Cyber-crimes have evolved from hackers fighting against the views of government to sophisticated identity theft, breaking into banks and various criminal activities. So far, local police organizations have been losing a lot of time recovering data from the machines involved, and they need all the help they can get. Now Microsoft is joining the fight.

Enter COFEE. This product was developed by Anthony Fung, a former Hong Kong crime specialist who now works with Microsoft's Internet Safety team. The Computer Online Forensic Evidence Extractor is a significantly modified USB drive that contains a lot of complex commands which result in hard drive access. After accessing the hard drive, forensics departments can easily restore data, a process that previously took 3-4 hours of manual labor.

This device is now being delivered to an initial number of police departments, and initial results look promising. According to reports coming out of Microsoft's Law Enforcement Technology (LE Tech) event that was held in late April, it takes a single click of a button and 20 or so minutes to start extracting data. This applies to computers running Microsoft Windows, the world's predominant operating system. Some of the technology for this part came from Winternals, a brilliant tool that resulted in Microsoft's acquisition of Sysinternals. Of course, as soon as the acquisition was complete, Microsoft shut down Winternals purchase options.

The only issue that we see here is what will happen when criminals gain access to COFEE (and that will happen sooner or later). Well, police will then have to combine the old-fashioned way with the new USB sticks.