Microsoft's COFEE


  • Microsoft's COFEE

    This sounds rather neat. According to an MS spokesman in one of the stories, it is a compilation of publicly available forensics tools. It would be interesting to learn which tools the people at MS like for this work.

    http://seattletimes.nwsource.com/htm...msftlaw29.html

    http://blog.seattletimes.nwsource.co...ee_device.html

    http://www.dbtechno.com/computers/20...ty-in-windows/

    http://gizmodo.com/385476/microsoft-...-your-computer

    As an aside, I loved Gizmodo's opening line. It reads like Deviant is in trouble.
    You know how in cop shows they seize deviants' computers and bring them back to the lab for some good ol' latex gloved analysis ...
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

  • #2
    Re: Microsoft's COFEE

    I'm waiting to hear if Deviant has had the latex glove analysis.

    The /.'ers were all upset over this yesterday. I don't see any problem with it. Once they have physical possession of the machine, there isn't much that can be done to stop them from reading everything on it.

    Unless of course, you're using full drive encryption, and only a terrorist would use that ;)
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


    • #3
      Re: Microsoft's COFEE

      Someone will be passing around a CD/DVD at Defcon with the tools on it, I am sure.


      • #4
        Re: Microsoft's COFEE

        Although a nice little tool which I am sure they will find helpful, there are already a plethora of commercial and open source products which do pretty much the same thing.

        COFEE only deals with live, logged on machines that you have not only physical access to but can also interact with. It is a preconfigured set of batch files which run lots of already available tools.
        Helix can do pretty much the same thing and is open source; alternatively, there is the EnCase FIM.

        The bit regarding getting around encryption refers to the fact that you use this on a running system with its drives already decrypted, not a LEO back door as some think.


        • #5
          Re: Microsoft's COFEE

          Users ought to defend themselves by Taking Evasive Action (TEA).


          • #6
            Re: Microsoft's COFEE

            Originally posted by the_wodon
            Although a nice little tool which I am sure they will find helpful, there are already a plethora of commercial and open source products which do pretty much the same thing.

            COFEE only deals with live, logged on machines that you have not only physical access to but can also interact with. It is a preconfigured set of batch files which run lots of already available tools.
            Helix can do pretty much the same thing and is open source; alternatively, there is the EnCase FIM.

            So very, very true. I understand the secret sauce in COFEE is that (1) it requires administrative privileges and (2) it automates over 150 different commands.

            Some of those already available products are listed here:


            http://www.news.com/8301-10789_3-9932600-57.html
            DaKahuna
            ___________________
            Will Hack for Bandwidth


            • #7
              Re: Microsoft's COFEE

              So what they are basically saying is that if you are doing something illegal, you should use an encrypting (preferably custom/home-grown) file system/boot partition, and make sure you don't leave your computer on all the time, and/or pull the plug, and/or have some sort of power-down tripwire set up in case of unauthorized entry.

              So I guess this invalidates the FBI playbook of cutting the power during a standoff.

              You are better off coming in covertly over the wire when available, securing said system from further tampering, and then busting in.

              xor
              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.


              • #8
                Re: Microsoft's COFEE

                Originally posted by astcell
                Users ought to defend themselves by Taking Evasive Action (TEA).
                Is this what you are referring to, astcell? :-)



                Ravager taking evasive action

                xor
                Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
