Slashdot Mirror


Hackers Counter Microsoft COFEE With Some DECAF

An anonymous reader writes "Two developers have created 'Detect and Eliminate Computer Assisted Forensics' (DECAF). The tool tries to stop Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources. After COFEE was leaked to the Web, Microsoft issued takedown notices to sites hosting the software." The article notes that DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

4 of 154 comments

  1. The Site... by JBG667 · · Score: 5, Informative
    --
    There are 10 kinds of people in the world > > Those who understand binary and those who don't
  2. Disable autorun, lock your computer by OverlordQ · · Score: 4, Informative

    AFAIK, if your computer is locked, COFEE relies on autorun to work, so disabling autorun and locking your computer will pretty much thwart COFEE, since it would somehow require bypassing MS's supplied GINA DLL, which, given it's Microsoft, they might know how to do, but I would find it highly unlikely.

    --
    Your hair look like poop, Bob! - Wanker.
  3. Re:So let me get this straight... by Bios_Hakr · · Score: 3, Informative

    So, set up a VM and then port it through Wireshark. It shouldn't be too hard to figure out if it's communicating with some central server.

    --
    I'd rather you do it wrong, than for me to have to do it at all.
  4. Re:Perfect trojan horse by b4dc0d3r · · Score: 3, Informative

    It's .NET and they ran Dotfuscator over it, so you're going to have to graduate past bovine intelligence on this one.
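
For the autorun setting that OverlordQ's comment mentions, an added example (not part of the thread or of either tool): a PowerShell audit of the `NoDriveTypeAutoRun` policy bitmask in both registry hives. The `-Enforce` and `-Lock` switches are hypothetical names chosen for this example; writing under HKLM assumes an elevated session.

```powershell
# Added example: audit, and optionally set, the AutoRun policy bitmask.
param(
    [switch]$Enforce,   # hypothetical switch: write 0xFF (all drive types) to HKLM
    [switch]$Lock       # hypothetical switch: lock the session when done
)

$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name   = 'NoDriveTypeAutoRun'   # a set bit disables AutoRun for that drive type
$driveTypes = @(
    @{ Bit = 0x01; Label = 'Unknown' },
    @{ Bit = 0x04; Label = 'Removable' },
    @{ Bit = 0x08; Label = 'Fixed' },
    @{ Bit = 0x10; Label = 'Network' },
    @{ Bit = 0x20; Label = 'CD-ROM' },
    @{ Bit = 0x40; Label = 'RAM disk' },
    @{ Bit = 0x80; Label = 'Reserved' }
)

function Get-AutoRunStatus {
    param([string]$Hive)   # 'HKLM' or 'HKCU'
    $path  = "${Hive}:\$subKey"
    $props = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        # No policy value in this hive, so the operating system default is in effect.
        return [pscustomobject]@{ Hive = $Hive; Value = 'not set'; StillEnabled = 'OS default applies' }
    }
    $mask = [int]$props.$name
    # Drive types whose bit is clear still have AutoRun enabled.
    $open = $driveTypes | Where-Object { -not ($mask -band $_.Bit) } | ForEach-Object { $_.Label }
    [pscustomobject]@{
        Hive         = $Hive
        Value        = '0x{0:X2}' -f $mask
        StillEnabled = if ($open) { $open -join ', ' } else { 'none' }
    }
}

if ($Enforce) {
    $path = "HKLM:\$subKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $name -Value 0xFF -PropertyType DWord -Force | Out-Null
}

# Report the state of both hives after any change.
'HKLM', 'HKCU' | ForEach-Object { Get-AutoRunStatus -Hive $_ } | Format-Table -AutoSize

if ($Lock) { rundll32.exe 'user32.dll,LockWorkStation' }
```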