.

Microsoft's COFEE LEO Forensics Tool Spills onto the internet.

<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Mon Nov 09, 2009 7:03 am

Microsoft's COFEE LEO Forensics Tool Spills onto the internet.

Ops, someone spilled the COFEE...  Microsoft's COFEE tool for LEO investigations has been leaked via torrents. It's never been released before.  Luckily, the story is telling normal non-security folks they do not need it.  Of course, everyone will download it.  It'll be like a badge of honor, kinda like that old text file with hundreds of dead CC numbers all the kids used to have back in the day.

-un

Source: http://www.crunchgear.com/2009/11/06/si ... -internet/
Last edited by unsupported on Mon Nov 09, 2009 7:11 am, edited 1 time in total.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

Ignatius

Jr. Member
Jr. Member

Posts: 91

Joined: Sun Mar 22, 2009 9:51 am

Post Mon Nov 09, 2009 7:07 am

Re: Microsoft's COFEE LEO Forensics Tool Spills onto the internet.

I just read about the leak elsewhere but one poster wondered if it's clean.  I guess it will be analysed thoroughly by trusted (as well as untrusted!) folks to analyse what it does ... and how.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Mon Nov 09, 2009 7:14 am

Re: Microsoft's COFEE LEO Forensics Tool Spills onto the internet.

Someone said there is a false positive in a program related to SHA1 hashing.  I'm not sure if I want to touch it either way.  I've always wondered what could be so special about this tool, that is not all ready available.  Is it just dumbed down for LEO use?  OR is does it have some M$ special sauce?

I'm sure someone has used it, cough *ketchup*, and may be able to shed some light... not naming any names.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Nov 09, 2009 10:16 am

Re: Microsoft's COFEE LEO Forensics Tool Spills onto the internet.

LOL, I actually haven't played with it.  I am curious though. 
~~~~~~~~~~~~~~
Ketchup
<<

3PIL0GU3

Newbie
Newbie

Posts: 38

Joined: Tue Aug 18, 2009 7:48 am

Post Tue Nov 10, 2009 2:32 am

Re: Microsoft's COFEE LEO Forensics Tool Spills onto the internet.

Pretty much it's a front end GUI for preparing a USB with automated command usage for many of the inbuilt windows command utilities such as netstat.exe, nbtstat, net user and a whole bunch of other things, if you've been working in IT and you know all of your windows commands its nothing special. I did some research on it today, shame they need front ends for things nowadays because people don't know how to use command line based tools with switches
----------------------------
CEH
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Nov 10, 2009 8:06 am

Re: Microsoft's COFEE LEO Forensics Tool Spills onto the internet.

3PIL0GU3, Remember, the tool is geared towards cops, not IT.  It's not until cops get assigned to forensics, that they are taught the relevant computer skills. 
~~~~~~~~~~~~~~
Ketchup

Return to Forensics

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software