Forensics
[Fwd: NZ cops get 'COFEE' to capture PC evidence] May 03 2008 03:32PM
atrav (atrav copper net)
Interesting news from New Zeland, I wonder how to get a copy. ;o)
-Aron-

-------- Original Message --------

http://www.stuff.co.nz/4507443a28.html

NZ cops get 'COFEE' to capture PC evidence
NZPA | Saturday, 03 May 2008

New Zealand police have been given a small plug-in device that
investigators can use to quickly extract forensic data from computers
that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence
Extractor, is a prototype of a USB "thumb drive" that Microsoft has
quietly distributed to a few law-enforcement agencies around the
world.

A spokesman at police national headquarters said today: "Police have
been issued with the COFEE tool by Microsoft and the E-Crime Lab's
digital forensic analysts have been trained in the use of it".

New Zealand police had an excellent relationship with the software
company, which had provided specialist training to digital forensic
analysts and investigators, he said.

Overseas, experts in computer forensics have said the preconfigured,
automated tool can carry out in 20 minutes, with the click of one
button, 150 complex commands that previously required a manual process
taking three to four hours.

Microsoft general counsel Brad Smith confirmed the device dramatically
cut the time required to gather the digital evidence which is becoming
more important in real-world crime, as well as cybercrime.

It can decrypt passwords and analyse a computer's internet activity,
as well as data stored in the computer.

The tiny device also eliminates the need to seize a computer itself,
which typically involves disconnecting from a network, turning off the
power and potentially losing data. Instead, the investigator can scan
for evidence on site.

It was provided for free, Mr Smith told the Seattle Times newspaper,
because the software company was working to help ensure that the
internet stayed safe.

"It's basically a thumb drive that is like a Swiss army knife for law
enforcement officials that are investigating computer crimes.

"If you're a law enforcement official and let's say you have access to
a computer that might be used, for example, by a child predator, a lot
of times they have information on their hard disk that's encrypted,
and you've got that information off in order to have a successful
investigation and prosecution.

"In the past, people would have to literally unplug the computer, they
would lose whatever was in RAM. They'd have to transport it somewhere
else, and it would take at least four hours, often more to get at the
heart of the information."

COFEE was developed by Anthony Fung, a former Hong Kong police officer
working as a senior investigator on Microsoft's internet safety team.

-----------------------------------------------------------------
Uncover stealthy Trojans and malware in corporate web traffic
Anti-virus and URL filtering solutions provide only a limited solution to evasive crimeware.
Qualify for a free audit for enterprises
www.finjan.com/RUSafe

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus