Anti-forensics tool promises to inhibit popular law enforcement software
A pair of hackers say they have developed a defense against a popular computer forensics tool used by many law enforcement agencies.
The anti-forensics tool, which is called DECAF, is designed to obstruct Computer Online Forensic Evidence Extractor (COFEE), a cybercrime forensics tool that is broadly distributed by Microsoft for use by law enforcement agencies.
"DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications," the hackers say on their website. "Upon finding the presence of COFEE, DECAF performs numerous user-defined processes, including COFEE log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings. The Lockdown mode gives the user an automated approach to locking down the machine at the first sign of unusual law enforcement activity."