Slashdot Mirror


Microsoft COFEE Leaked

54mc writes "Crunchgear reports that Microsoft's long-searched-for forensics tool, COFEE, has been leaked. The tool started on a small, private tracker, but has since worked its way to The Pirate Bay. Not all those who have gotten hold of it are enthused, and reviews have ranged from 'disappointing' to 'useless.' From the article: 'You have absolutely no use for the program. It's not something like Photoshop or Final Cut Pro, an expensive application that you download for the hell of it on the off-chance you need to put Dave Meltzer's face on Brett Hart's body as part of a message board thread. No, COFEE is 100 percent useless to you.'"

8 of 171 comments

  1. Re:But by hansraj · · Score: 4, Informative

    Wikipedia is your friend.

  2. Re:As someone in the Security Field... by Anonymous Coward · · Score: 4, Informative

    I've been doing computer forensics for twenty-five years. I am the original poster and I happen to know exactly what I'm talking about, having been prompted to give detailed feedback about Microsoft's COFEE "suite".

    The lowdown:

    It doesn't do anything that any number of freely available, open source tools don't do (most of which, or at least most of the lineage of which, can be found in Knoppix-STD (www.knoppix-std.org)), and it happens to do them poorly.

  3. Re:While I don't have any use for the program by Lloyd_Bryant · · Score: 4, Informative

    Most warrants are specific... not that I'd want to defend myself on that basis, but I'm sure a good lawyer could help you if you were investigated for child porn and the only thing they find is some evidence of Internet gambling.

    On the other hand, I'd stop the Internet gambling right away, because you know they'd be looking for a way to justify getting you for that having 'lost' the child porn case.

    The *warrant* is specific, but if, in the service of the warrant, the officer finds something else, that evidence *can* be seized, and I believe it would be admissible in a court of law (IANAL!).

    The police cannot search for something that is not on the warrant, however. So if the warrant specifies a "bicycle", the police would have no business looking in your sock drawer (unless said sock drawer was large enough to hold the bicycle, of course). But if the warrant specifies drugs (which could reasonably be hidden in a sock drawer), and when searching the sock drawer find a pistol, they can seize the pistol, even though it's not on the warrant.

    Given the nature of a computer search, I'd expect anything on the hard drive to be fair game...

    --
    Don't tell me to get a life. I had one once. It sucked.
  4. Re:While I don't have any use for the program by quickOnTheUptake · · Score: 3, Informative

    Most warrants are specific

    Yes but IIRC, in the US, they can use any evidence, even of a crime other than what the warrant was initially for, if they found it while carrying out a legitimate search, while acting within the scope of the warrant.
    This happens with Terry stops all the time: The officer has a right to perform a limited search of a suspect (a pat down) to ensure he isn't armed, but in so doing finds a nickel bag, which he can keep as evidence, even though that wasn't what he was allowed to look for.
    I believe this goes back to the plain view doctrine.
    Car analogy: If they have a warrant to search your car for coke, and while searching, notice a bloody body in the trunk and a machete with your fingerprints and the victim's blood on it in the glove box, they can certainly charge you with murder, even though that's what the warrant was for.
    IANAL

    --
    Mod points: Guaranteed to remove your sense of humor.
    Side effects may include gullibility and temporary retardation
  5. Re:While I don't have any use for the program by dkleinsc · · Score: 4, Informative

    Well, that sort of thing comes from the idea that if we don't tell kids about sex then they won't have it. You know, unlike their parents, grandparents, great-grandparents, and great-great-grandparents.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  6. Re:While I don't have any use for the program by cawpin · · Score: 3, Informative

    But if the warrant specifies drugs (which could reasonably be hidden in a sock drawer), and when searching the sock drawer find a pistol, they can seize the pistol, even though it's not on the warrant.

    No they can't. They can only seize it if it is illegal, by itself, for the owner to possess. Now, if they find drugs as well they can probably do so under the right circumstances.

    Owning a firearm, in and of itself, is not illegal for most people. This, of course, excludes certain persons such as felons, the mentally unstable and most legal, yes legal, aliens.

  7. Re:While I don't have any use for the program by nairb774 · · Score: 2, Informative

    IANAL, but I think the concept you are looking for is "in plain sight". Programs like this make a lot more things on your computer become visible in a standard search - enough so that the question of whether it qualifies for "in plain sight" has been discussed here and a court case reported on in a Slashdot article.

  8. Re:But by Runaway1956 · · Score: 2, Informative

    Try Helix3. Don't jump up and down, telling me that it's another Linux LiveCD. There is a Windows executable in the root directory to capture system state stuff. When that finishes, you can reboot to the LiveCD for more tools.

    They have an outdated version that is free, and if you wish to pay about 7 or 8 hundred bucks, you can get the up-to-date version.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br