It has been revealed that Microsoft has developed a tool which will enable forensic investigators to easily gather digital evidence after a crime has been committed. COFEE is a USB device that reportedly supports 150 commands that can dramatically cut the time it takes to gather digital evidence, including decrypting passwords, analyzing Internet activity, and all data stored in the computer. Apparently the device has been available to the law enforcement community since June 2007, although there have not, to my knowledge, been any previous public revelations of its use. Microsoft’s Tim Cranton describes COFEE as “a preconfigured, automated tool” that “fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button – completing the work in about 20 minutes.” Cranton states that more than 2,000 law enforcement officers have registered for COFEE and the tool is used in over 15 countries.
The (IMO not very surprising) revelation of COFEE hit the blogosphere today during Microsoft’s 2nd Annual Law Enforcement Technology Conference, an event especially for law enforcement officials, which is being attended by 400 individuals from more than 80 agencies in 35 countries around the world.
COFEE is only one aspect of Microsoft’s anti-cybercrime efforts. Cranton also described the role of the Internet Safety Enforcement Team (ISET), an organization founded in 2002, as making “the Internet safer and more secure for everyone.” Although Cranton didn’t go into any further detail about what this organization actually does on a day-to-day basis, he does reveal that ISET consists of “35 professionals around the globe including former prosecutors, investigators, software engineers and business professionals whose full-time job is to make the Internet a safer place.”
This seems to be somewhat at odds with Aaron Kornblum’s previous revelations about ISET, which described the organization as “a worldwide group of 65 attorneys, investigators, and other professionals,” but whatever the size of the organization, it appears their primary work is to aid law enforcement with technical investigations. ISET aided the FBI in gathering evidence against convicted phisher Jayson Harris, who was operating “a phishing scheme by creating a bogus MSN billing website and then sending e-mails to MSN customers requesting that they visit the website and update their accounts by providing credit card account numbers and other personal information.”
The work of Peter Fifka, an ISET investigator, was documented in an enjoyable 2003 article entitled “Gumshoe chases Internet villains in Eastern Europe.” ISET also targets spammers and the creators of viruses and worms. Some are sure to question Microsoft’s motives and wonder about their influence over investigations conducted by the law enforcement community.
The Justice Department says the company doesn’t influence its investigations. Microsoft is not “driving law enforcement’s priorities,” according to Christopher Painter, deputy chief of the department’s Computer Crime Section, but given the fact that Microsoft appears to initiate at least some of the investigations conducted by ISET, questions are likely to remain.
[Update: According to this article, COFEE was developed by Anthony Fung, a senior investigator on Microsoft’s Internet Safety Enforcement Team. Some additional interesting speculation about COFEE here.]