DECAF: Self-destruct Code Counters Police Forensics
A couple of concerned citizens have created an application designed to protect computers from Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) toolkit.
The COFEE suite is a plug and play toolkit that allows investigators to run 150 forensic tools from a USB stick. The script scans files and retrieves information about the user’s online and offline activities.
Things became interesting when COFEE was submitted to Cryptome and widely shared through Bit Torrent last month, giving everyone access to the software, not just “trusted” law enforcement officials.
The counter-COFEE software, which has been appropriately named DECAF, monitors a computer for signs of COFEE operation. If COFEE is detected, DECAF “erases all COFEE logs, disables USB drives, and contaminates or spoofs a variety of MAC addresses to muddy forensic tracks.”
[Wired]
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
No tags for this post.