[ISN] Hackers declare war on international forensics tool

From: InfoSec News <alerts_at_private>
Date: Tue, 15 Dec 2009 02:07:47 -0600 (CST)

By Dan Goodin in San Francisco
The Register
14th December 2009

Hackers have released software they say sabotages a suite of forensics 
utilities Microsoft provides for free to hundreds of law enforcement 
agencies across the globe.

Decaf is a light-weight application that monitors Windows systems for 
the presence of COFEE, a bundle of some 150 point-and-click tools used 
by police to collect digital evidence at crime scenes. When a USB stick 
containing the Microsoft software is attached to a protected PC, Decaf 
automatically executes a variety of countermeasures.

"We want to promote a healthy unrestricted free flow of internet traffic 
and show why law enforcement should not solely rely on Microsoft to 
automate their intelligent evidence finding," one of the two hackers 
behind Decaf told The Register in explaining the objective of the 

Microsoft has been pouring free COFEE to law enforcement officers since 
at least mid 2007. Short for Computer Online Forensic Evidence 
Extractor, it packages forensics tools onto an easy-to-use USB stick 
that allows investigators to collect browsing history, temporary files 
and other sensitive data from most Windows-based machines. COFEE is 
distributed through Interpol.


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
Received on Tue Dec 15 2009 - 00:07:47 PST

This archive was generated by hypermail 2.2.0 : Tue Dec 15 2009 - 00:22:41 PST