DECAF: Self-destruct Code Counters Police Forensics
A couple of concerned citizens have created an application designed to protect computers from Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) toolkit.
The COFEE suite is a plug and play toolkit that allows investigators to run 150 forensic tools from a USB stick. The script scans files and retrieves information about the user’s online and offline activities.
Things became interesting when COFEE was submitted to Cryptome and widely shared through Bit Torrent last month, giving everyone access to the software, not just “trusted” law enforcement officials.
The counter-COFEE software, which has been appropriately named DECAF, monitors a computer for signs of COFEE operation. If COFEE is detected, DECAF “erases all COFEE logs, disables USB drives, and contaminates or spoofs a variety of MAC addresses to muddy forensic tracks.”
[Wired]
Related posts:
- Qbo open source code robot runs on Linux OS What's so special about the Qbo robot? Well, it runs...
- Online Gaming Audience in Japan Jumps 28% in Past Year comScore, Inc. has released a study of online gaming in...
- Microsoft Introduces New Zune Media Player Zune, Microsoft Corp.’s end-to-end digital entertainment service and media player,...
- Barnes & Noble Nook Hacked Into Web Tablet A development that will surely worry Barnes & Noble execs...
Related posts brought to you by Yet Another Related Posts Plugin.