The Computer Online Forensic Evidence Extractor (Cofee) is a USB thumb-drive developed by Microsoft that was distributed to more than 2000 law-enforcement officers in 15 countries including the United States, Germany, New Zealand and Poland.
Software on the device supports more than 150 commands that eliminate the need to seize the computer from the scene because it can gather the evidence right there.
The commands can be used to decrypt passwords, analyze the Internet activity and data that is stored on the computer. The advantage of this method is that data can be analyzed while the computer is still connected to a network or the Internet which is not be possible if the computer is seized.
Some blogs have gone so far as to assume that Microsoft would give Vista backdoor keys to the police but the original article at the Seattle Times did not mention that at all. The tools on the USB device provide a set of commands that speed up the evidence gathering process and allow that process to be started while the computer is still running in its local environment.
The original Seattle Times article seems to support that by quoting the head of the Special Assault Unit in the King County Prosecuting Attorney's Office.
The 35 individual law-enforcement agencies in King County, for example, don't have the resources to investigate the explosion of digital evidence they seize, said Johnson, who attended the conference.
"They might even choose not to seize it because they don't know what to do with it," she said. "... We've kind of equated it to asking specific law-enforcement agencies to do their own DNA analysis. You can't possibly do that."
I think it is fair to assume that Microsoft is providing the tools and probably even the training, or at least training manuals, so that law-enforcement agents won't face the decision of what to do with the computers.
Update: Cofee leaked in 2009 to various torrent websites and other sites on the Internet where it has been available for download. The download itself is no use however as it requires other tools only available to law enforcement agencies.
Additional information about Cofee can be found on Wikipedia.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.