Microsoft Computer Online Forensic Evidence Extractor (COFEE)

MICROSOFT COFEE v1.1.2 - A TOOLKIT FOR US AND CANADIAN LAW ENFORCEMENT AGENCIES FOR COLLECTING DATA FROM SUSPECTS' PCS.

Microsoft Computer Online Forensic Evidence Extractor (COFEE) v1.1.2 is a set of tools and commands that helps IT investigators and forensic examiners quickly extract the information needed for an investigation (forensic data) from suspects' PCs to prove their criminal activity. COFEE lets forensic examiners search through data automatically, right on site. COFEE is used to create a special bootable USB drive, which then launches a program that collects evidence from the suspect's PC. Microsoft promises that even a novice user can handle the program. The COFEE toolkit is not a secret or covert program developed by Microsoft for US and Canadian law enforcement, but for quite a long time it was not publicly available for free download, although the benefit of an ordinary user having COFEE is highly doubtful. Nevertheless, interested parties will be able to learn how, and exactly what kind of, data investigators are able to extract with this toolkit.

COFEE has escaped
Microsoft COFEE, the secret weapon Microsoft developed for law enforcement, has leaked onto the Internet.
For a year and a half, private trackers were offering a 1.5 TB bonus for it. Nobody expected that it would ever be uploaded, but yesterday it happened.

MICROSOFT COFEE v1.1.2 - is being made available to individuals employed by law enforcement agencies within the United States and Canada. COFEE means the Computer Online Forensic Evidence Extractor tool that fits on a USB drive and automates the execution of commands for data extraction and related documentation. Distribution is limited to law enforcement agencies. Access to the COFEE product requires verification of employment with a law enforcement agency and agreement to the terms and conditions of the Microsoft/NW3C Sublicense Agreement.

What is COFEE?
COFEE consists of three major components: the GUI interface for the investigator, the command line application to be executed on the target machine, and the individual tools which are managed by COFEE and the command line application.
There are two major types of live forensics investigation tools – Live Information Acquisition tools and Remote Online Acquisition tools. Computer Online Forensic Evidence Extractor (COFEE) is a live information and volatile data forensics acquisition system.
The GUI interface was developed for managing the tool selection, generating scripts, loading programs onto a USB device, and creating a report from the collected data.
The command line application was developed for controlling and executing a set of selected tools on the target machine.

Digital Forensics Attributes and Principles:
In any digital forensics investigation, digital forensics specialists and legal advisors should ensure the balance between the three main attributes: Reconnaissance, Relevancy and Reliability of the digital evidence. In any digital forensics investigation, the investigator should always attempt to achieve the maximum amount of data acquisition while having a minimal effect on the integrity or accuracy of the data.
When applying Reconnaissance, Relevancy and Reliability to the live forensics investigation environment, it is paramount that any investigative tool used should operate in the least intrusive way.
It is also vital that all operations conducted on a target machine be documented to the best extent possible. This aids in the reliability of the collected data, as well as the integrity of the target machine.
Great effort was taken to ensure that the COFEE execution process leaves the smallest footprint possible on the target machine.

Volatile Information Collected:
The specific information collected by COFEE varies depending upon which profile is selected, however the type of volatile information collected includes:
• Date and Time.
• Open network connections and additional network related information.
• User account information (including the currently logged on user).
• Current processes and services.
• Open files and registry information.

Why Use COFEE?
In COFEE, the GUI interface is used for the preparation of the forensics tools and the assigning of the digital forensics execution order. According to live forensics guidelines, investigators should take into account the order of evidence volatility, while having minimal interaction with the target machine.
COFEE has been designed to provide the investigator the ability to collect evidence from a target system with the minimum of user interaction. After the GUI interface generates a COFEE USB device (copies all scripts and programs), the investigator can take the device and easily insert it onto a target machine, and begin the collection process by executing a single program.
While specific programs have been selected as part of the included profiles, COFEE allows a seasoned investigator to add or remove any program they desire, as well as create any profile to meet their specific investigative needs.

Who Should Use COFEE?
COFEE was designed to meet the needs of two distinct classes of users: the forensic examiner and the front line investigator. The GUI console, which allows the user to create profiles and generate COFEE USB devices, was designed to be operated by a computer forensic examiner. The creation of profiles requires that the user have a firm understanding of the tools to be executed and the reason behind their inclusion within the profile.
The command line application, however, requires minimal training because the scripting process has already been designed by a forensic examiner. This allows any front line investigator to use this tool and collect data. Once the data is collected, the USB device should be returned to the forensic examiner for analysis.
-------------------------------
P.S. I haven't tested it myself yet; I decided to run the tests together with the community of the "red" forum. :)
P.P.S. The info is taken from one of my favorite software portals, http://zaza.net.ua/
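
The description quoted in the post above stresses running the selected tools in order of volatility and documenting every operation on the target machine. As an added example (not part of the original post and not COFEE's code), this sketch runs a hypothetical profile in order and logs each command with timestamps, exit code and a SHA-256 of its output; `SAMPLE_PROFILE`, `run_profile` and `verify` are assumed names, and the output directory stands in for the USB device.

```python
import hashlib
import json
import subprocess
from datetime import datetime, timezone
from pathlib import Path

# Hypothetical profile, most volatile data first. These are standard Windows
# commands chosen for illustration; they are not COFEE's actual tool list.
SAMPLE_PROFILE = [
    ("datetime", ["cmd", "/c", "date /t & time /t"]),
    ("network", ["netstat", "-ano"]),
    ("processes", ["tasklist", "/v"]),
    ("services", ["sc", "query"]),
]

def _now():
    return datetime.now(timezone.utc).isoformat()

def run_profile(profile, out_dir, timeout=60):
    """Run each (name, argv) in order, save its output, log the operation."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for seq, (name, argv) in enumerate(profile, 1):
        entry = {"seq": seq, "name": name, "argv": argv, "started": _now()}
        try:
            proc = subprocess.run(argv, stdout=subprocess.PIPE,
                                  stderr=subprocess.STDOUT, timeout=timeout)
            data = proc.stdout
            entry["exit_code"] = proc.returncode
        except (OSError, subprocess.TimeoutExpired) as exc:
            # A missing or hung tool is recorded and must not stop the run.
            data = b""
            entry["error"] = f"{type(exc).__name__}: {exc}"
        out_file = out_dir / f"{seq:02d}_{name}.txt"
        out_file.write_bytes(data)
        entry.update(finished=_now(), output=out_file.name,
                     sha256=hashlib.sha256(data).hexdigest())
        manifest.append(entry)
    (out_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(out_dir):
    """Return names of outputs whose hash no longer matches the manifest."""
    out_dir = Path(out_dir)
    manifest = json.loads((out_dir / "manifest.json").read_text())
    return [e["name"] for e in manifest if e["sha256"] !=
            hashlib.sha256((out_dir / e["output"]).read_bytes()).hexdigest()]
```

The manifest is only as trustworthy as the medium it sits on, so an examiner would normally record its own hash in the case notes at collection time.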
 

Saab

I wonder, do Ukrainian cops use this?
 
And of course it doesn't work with file systems other than FAT and NTFS...
 
They'll walk up to the computers at my work, and there's no USB there.
 
And most importantly, everything has gone quiet(
A pity, I really liked Infostore.
 