09 Nov 2009
In an ironic twist of fate, Microsoft's Computer Online Forensic Evidence Extractor (Cofee) crime scene reporting tool has leaked onto the net.
According to the security firm Sophos and other reports, copies of the tool have surfaced on a file sharing site, and users are already downloading it. Cofee is designed to be used by crime scene investigators, letting them download the contents of a suspicious computer without the need to insert a USB key.
Microsoft describes the system thus: "Computer Online Forensic Evidence Extractor (Cofee) is designed exclusively for use by law enforcement agencies. Cofee brings together a number of common digital forensics capabilities into a fast, easy-to-use, automated tool for first responders. And Cofee is being provided — at no charge — to law enforcement around the world."
Should it fall into the wrong hands it could prove a useful tool for data harvesters and thieves, security experts warn.
"The ability to grab a perfect copy of data from a PC without interfering with a computer is attractive to the computer crime authorities - and it's especially handy when more and more drives are using encryption and strong passwords to prevent unauthorised access," wrote Sophos senior technology consultant Graham Cluley, in his blog.
"But at the same time, you can probably understand why Microsoft might wish to control who can get their paws on the software."
Cluley warned that as well as using Cofee to assist them in their own malicious activities, criminals could write their own code that "neutralises" Cofee or wipes sensitive data from their computer if they determine the tool is being run on their own machine.
"That might make life difficult for the computer cops when they try to dash-and-grab data from a suspicious PC," he added.
A little research goes a long way
Before the e-media gets all up in arms about this, maybe they should look into the leak itself. Several hints show that it may possibly be a fake.
- All of the included "tools" are preinstalled on a Windows OS since Win2K.
- The few files not included in OSes are not digitally signed by Microsoft.
- Would MS really release something this major, even only in small circulations, with a broken installer?
- Why would MS use open-source Ajax JavaScript when they have already coded similar scripts for use in their Live suite of products?
- Would MS really include a "Gang Bustaz" mode in their products, let alone something of this stature?
- None of the accompanying documentation, such as the how-to-use-the-tools manual, contains MS wordmarks, copyright or logos.
- The loader application does nothing more than run scripts that utilise the OS's built-in functions and log them to a .xml; any user can copy files from sys32 to a USB drive and run a batch script to achieve the same effects.
Unsigned files: http://i37.tinypic.com/2uglaj7.jpg
Inconsistent design (read: designed by a 7 year old with vbasic): http://i37.tinypic.com/9amxld.jpg
Posted by: Dr Prawn 09 Nov 2009
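As an added example, not code from the article or the commenter, this PowerShell triage script checks the two hints raised above for a folder of files claiming to be a Microsoft tool: whether each binary carries a valid Authenticode signature from Microsoft, and whether it is simply a byte-for-byte copy of a binary already shipped in System32. The extraction path C:\triage\extracted is an assumed location.

```powershell
# Added example (not from the article or the comment): triage an unpacked archive
# that claims to be a Microsoft tool, checking the two hints the commenter raised:
# (1) are the PE files Authenticode-signed by Microsoft, and
# (2) are they byte-for-byte copies of binaries already present in System32?
param([string]$ToolDir = 'C:\triage\extracted')   # assumed path to the extracted files

$sys32 = Join-Path $env:WINDIR 'System32'

Get-ChildItem -Path $ToolDir -Recurse -Include *.exe,*.dll,*.sys | ForEach-Object {
    # Signature check: Status is 'Valid' only if the chain verifies; we also
    # require the signer subject to name Microsoft, not merely any valid signer.
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    $msSigned = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')

    # Duplicate check: compare SHA-256 against a same-named binary in System32, if any.
    $twin = Join-Path $sys32 $_.Name
    $sameAsSys32 = $false
    if (Test-Path $twin) {
        $h1 = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
        $h2 = (Get-FileHash -Algorithm SHA256 -Path $twin).Hash
        $sameAsSys32 = ($h1 -eq $h2)
    }

    [pscustomobject]@{
        File            = $_.Name
        SigStatus       = $sig.Status
        Signer          = $signer
        MicrosoftSigned = $msSigned
        CopyOfSystem32  = $sameAsSys32
    }
} | Format-Table -AutoSize
```

A tool whose binaries are all either unsigned or identical to System32 copies offers no capability a defender does not already have on the host, which is the commenter's point.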