Tuesday, September 30, 2008

COFEE or tea?

A few months back, Microsoft introduced a USB drive called COFEE - Computer Online Forensics Evidence Extractor. The USB drive is loaded with all sorts of forensics tools that are "freely available". This set of tools is supposed to make extraction of forensic evidence easier on a PC.

Computer forensics is basically extracting evidence from a computer that may have been involved in a crime. It could be as simple as extracting evidence without giving a criminal a chance to say you planted evidence on the computer, or as complex as cracking passwords.

Now, supposedly, this USB drive is simply a combination of freely available software programs at the moment, but what gets to be a little scary is this - Microsoft wants to work with law enforcement officials around the world, and they know what loopholes exist in their system. What's to prevent them from having some sort of backdoor installed to let law enforcement officials gain access to a criminal's computer? Since Microsoft is basically a monopoly, it's hard to say.

It's great that they are working with law enforcement; what scares me is that whatever police can do, hackers will eventually do too.


1 comment:

David J. Csuha, CPP, CFE said...

This is reminiscent of when Federal law enforcement agencies joined forces with laser printer manufacturers to develop a means of forensic analysis of printed data: http://www.eff.org/press/archives/2005/10/16