Ops, someone spilled the COFEE...  Microsoft's COFEE tool for LEO investigations has been leaked via torrents. It's never been released before.  Luckily, the story is telling normal non-security folks they do not need it.  Of course, everyone will download it.  It'll be like a badge of honor, kinda like that old text file with hundreds of dead CC numbers all the kids used to have back in the day.

-un

Source: http://www.crunchgear.com/2009/11/06/siren-gif-microsoft-cofee-law-enforcement-tool-leaks-all-over-the-internet/

Someone said there is a false positive in a program related to SHA1 hashing.  I'm not sure if I want to touch it either way.  I've always wondered what could be so special about this tool, that is not all ready available.  Is it just dumbed down for LEO use?  OR is does it have some M$ special sauce?

I'm sure someone has used it, cough *ketchup*, and may be able to shed some light... not naming any names.

Pretty much it's a front end GUI for preparing a USB with automated command usage for many of the inbuilt windows command utilities such as netstat.exe, nbtstat, net user and a whole bunch of other things, if you've been working in IT and you know all of your windows commands its nothing special. I did some research on it today, shame they need front ends for things nowadays because people don't know how to use command line based tools with switches