Computer Online Forensic Evidence Extractor

[Syphilis]

Computer Online Forensic Evidence Extractor

This is a piece of software developed by Microsoft for law enforcement agencies. It was recently leaked. Runs on Windows. It is designed for noob-police who are inexperienced with computers. There are much better forensic tools out there, don't expect too much from COFEE.

Download link: http://www.sendspace.com/file/bb0t28
Password is "zoklet" without the inverted commas.

Didn't detect any viruses or trojans.


Info:

Quote:

Originally Posted by http://www.microsoft.com/industry/government/solutions/cofee/default.aspx

Law enforcement agencies around the world face a common challenge in their fight against cybercrime, child pornography, online fraud, and other computer-facilitated crimes: They must capture important evidence on a computer at the scene of an investigation before it is powered down and removed for later analysis. "Live" evidence, such as active system processes and network data, is volatile and may be lost in the process of turning off a computer. How does an officer on the scene effectively do this if he or she is not a trained computer forensics expert?

To help solve this problem, Microsoft has created Computer Online Forensic Evidence Extractor (COFEE), designed exclusively for use by law enforcement agencies. COFEE brings together a number of common digital forensics capabilities into a fast, easy-to-use, automated tool for first responders. And COFEE is being provided—at no charge—to law enforcement around the world.

With COFEE, law enforcement agencies without on-the-scene computer forensics capabilities can now more easily, reliably, and cost-effectively collect volatile live evidence. An officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device. This enables the officer to take advantage of the same common digital forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer.

The fully customizable tool allows your on-the-scene agents to run more than 150 commands on a live computer system. It also provides reports in a simple format for later interpretation by experts or as supportive evidence for subsequent investigation and prosecution. And the COFEE framework can be tailored to effectively meet the needs of your particular investigation.

To help combat the growing number of ways that criminals use computers and the Internet to commit crimes, Microsoft is working with INTERPOL and the National White Collar Crime Center (NW3C) to provide COFEE at no cost to law enforcement agencies in 187 countries worldwide. INTERPOL and NW3C are also working with Florida State University and University College Dublin to continue the research and development that will help ensure that COFEE serves the needs of law enforcement, even as technology evolves.

[Syphilis]

OK, if anybody can get this working, please post instructions.

-The installer gives an incorrect parameter error on launch.
-Running the preinstalled autorun file makes a command line flash up for a fraction of a second before disappearing, and that is all.
-Trying to launch the program itself gives an initialisation failure error.
-Tried copying to USB and launching from there.

[nm43388]

So the one your provided doesn't work? This can be an amazing tool Syphilis! I'll be looking as well if you find a working one before I do just post it here. THANKS

[Syphilis]

OK, the error message is:
"Expected USB storage device not exist of DILabel not correct!!!"

I've tried it with a blank USB drive inserted, and with running the program from a USB drive. Same result.

Quote:

Originally Posted by nm43388

So the one your provided doesn't work? This can be an amazing tool for Syphilis! I'll be looking as well if you find a working one before I do just post it here. THANKS

I think it's more of a simple program to automate the process for police officers who don't exactly know much about computers. Nothing particularly new.

[Syphilis]

OK, I've got it installed by using WINE in OS X. Crashes when I try to launch it though.

I'll see if I can copy it into Windows now... If it works I'll upload a working copy.

[Syphilis]

Same error once I copy it into XP SP3.

[Mor3BL7]

I dont know how you got this, But i'm going to tell you to delete it and get a new computer and erase this thread.
you've been warned op.

[StallionExplosion]

Works for me

[nm43388]

Quote:

Originally Posted by Mor3BL7

I dont know how you got this, But i'm going to tell you to delete it and get a new computer and erase this thread.
you've been warned op.

I'm curious as to why?

[A Dying Breed]

Syphilis, the reason the .msi is giving you the error is because you didn't download it off of what.cd (where it originally was uploaded).

What you have to do is use "leMSIerables" which i provide in this link -->(http://blogs.pingpoet.com/overflow/p...s-20051110.zip) its a program that lets you extract all the files from the .msi yourself.

Then you can run it from the extracted directory.

I think I should just let you guys know, this program is a joke. All it does is collect some minimal information about the computer and you even have to be logged in to use it. You make your flash drive with COFEE, plug it into your target computer (can only be WinXP) then it executes some commands like "ipconfig" "netstat" etc. and saves the data for you then you plug that drive back into your host computer and can look at the data in a neat .xml/html version. It's really useless and there is already free software that can do this anyways.

[nm43388]

Damn i was hoping that it was more like a "Sucker" Program. I heard about those at this Seminar I went to that was on Network Exploits here at my University. Anyways the presenter said it was a program you put on a usb, plug it into a computer, and BOOM you have a shitload of info in a small amount of time.

[A Dying Breed]

Quote:

Originally Posted by nm43388

Damn i was hoping that it was more like a "Sucker" Program. I heard about those at this Seminar I went to that was on Network Exploits here at my University. Anyways the presenter said it was a program you put on a usb, plug it into a computer, and BOOM you have a shitload of info in a small amount of time.

Yes, a shit load of useless info. Like the processes that were running when you ran COFEE, the users logged in, the list of users, network info etc.

[Syphilis]

Quote:

Originally Posted by A Dying Breed

Syphilis, the reason the .msi is giving you the error is because you didn't download it off of what.cd (where it originally was uploaded).

What you have to do is use "leMSIerables" which i provide in this link -->(http://blogs.pingpoet.com/overflow/p...s-20051110.zip) its a program that lets you extract all the files from the .msi yourself.

Then you can run it from the extracted directory.

Thanks for the tip.

Quote:

I think I should just let you guys know, this program is a joke. All it does is collect some minimal information about the computer and you even have to be logged in to use it. You make your flash drive with COFEE, plug it into your target computer (can only be WinXP) then it executes some commands like "ipconfig" "netstat" etc. and saves the data for you then you plug that drive back into your host computer and can look at the data in a neat .xml/html version. It's really useless and there is already free software that can do this anyways.

Yeah I thought it was going to be something pretty simple. You'd be better off booting from a linux CD and working from there.

[A Dying Breed]

Quote:

Originally Posted by Syphilis

Thanks for the tip.


Yeah I thought it was going to be something pretty simple. You'd be better off booting from a linux CD and working from there.

Yes, you are correct. Just use Knoppix STD, Backtrack, or nUbuntu for your computer forensic needs. They all have WAY more tools and can be used against pretty much any OS(not just XP like COFEE).

[nm43388]

Quote:

Originally Posted by Syphilis

Thanks for the tip.


Yeah I thought it was going to be something pretty simple. You'd be better off booting from a linux CD and working from there.

Very true but keep in mind how STUPID cops really are. Some of them buy computers for the purpose of being able to sit on their fatass' and play spider solitaire all fucking day! I should rape them all!

PRIME EXAMPLE:

Bozo the Clown and his buddy Bobo went to a bar one night. Got drunk, met some chicks, turned out to be cunts then they took off. Well before they left Bozo took put some gloves on and took a beer bottle and put it through her window. Anyways the Police kept calling Bobo's phone asking for the Victim by name. Bobo never answered and eventually got a call from the SAME police officer asking for Bobo by name.

Basically the dumbass cop mixed the numbers up and pretty much gave Bobo and Bozo the heads up that he wanted to ask them about that smalltime bullshit.

[A Dying Breed]

Quote:

Originally Posted by nm43388

Very true but keep in mind how STUPID cops really are. Some of them buy computers for the purpose of being able to sit on their fatass' and play spider solitaire all fucking day! I should rape them all!

PRIME EXAMPLE:

Bozo the Clown and his buddy Bobo went to a bar one night. Got drunk, met some chicks, turned out to be cunts then they took off. Well before they left Bozo took put some gloves on and took a beer bottle and put it through her window. Anyways the Police kept calling Bobo's phone asking for the Victim by name. Bobo never answered and eventually got a call from the SAME police officer asking for Bobo by name.

Basically the dumbass cop mixed the numbers up and pretty much gave Bobo and Bozo the heads up that he wanted to ask them about that smalltime bullshit.

Bozo and Bobo sound like cool guys.

[nm43388]

Quote:

Originally Posted by A Dying Breed

Bozo and Bobo sound like cool guys.

I LOL'd

But YES! The coolers punk rockers this side of the motherfucking Mississippi

[samguy700]

why is this usefull?
sorry i m a noob please explain?