Dic 15

COFEE vs. DECAF

Tag: 01,Informática LegalJoaquim Anguas @ 7:48 am

COFEE is a set of tools packaged into an USB drive oriented to ease the task of first strike computer evidence collection distributed by Microsoft through INTERPOL to law enforcement agencies worldwide.

It slowly made its way to the public, getting widespread when last month showed up on the web through Cryptome.

In an exercise of posing, a group of «hackers» two average joes have released antiforensics software called DECAF dedicated to reduce or kill COFEE’s effectivity.

«We want to promote a healthy unrestricted free flow of internet traffic and show why law enforcement should not solely rely on Microsoft to automate their intelligent evidence finding» they declared to theregister.

Not to offend, but I say it’s an exercise of posing because this action in no way «promotes healthy unrestricted free flow of internet traffic» and recognising they may have a point in the reliance in Microsoft of law enforcement in the automation of their evidence collection, the fact is that in most cases it’s in Microsoft realm where evidences live and early, easy evidence collection is better than no evidence at all.

In any case, if they have concerns relating this product, which they may perfectly have, they’d better raise them disclosing the implications so everybody can balance the convenience of using COFEE or not.

At this point, some of you may be thinking I forgot to link to DECAF.

No, I din’t forget and neither did the guys at theregister or Wired…

Via theregister.