While knowledge of the existence of Microsoft COFEE may not be news to anyone who spends time on the internet, the fact that it’s now in the wild might be.
Briefly, COFEE is a piece of software designed to make computer forensics simple for uneducated users. Anyone with a device (such as a USB key) set up to run the software need only insert it into a computer and run any number of over 150 commands to gather ‘incriminating data’. What that data is is not specified on the COFEE site, but it can be safely assumed that it would include personal information.
In the last couple of days, COFEE was uploaded to a number of websites which I won’t specify here. The issue here is not that the software exists, nor its potential legitimate uses (tin foil hats aside), but the fact that now it is available, measures can and surely will be taken to prevent it from working (one comment on CrunchGear wittily labelled such a measure as DECAF). While it has taken a while for COFEE to be leaked – the earliest reference I could find to the program is a Gizmodo article dated to August 2008 – it’s another ignominious slap in the face for computer law enforcement, and highlights the inevitability of anti-investigative measures taken by criminals.
I haven’t looked at it myself, but it’ll be interesting to see some analysis of the tool pop up over the next few weeks.