Law Enforcement Get Around Encryption With Microsofts Help
Microsoft has reportedly developed a USB key that allows investigators to extract forensic data from PCs. The tools called “COFEE” (Computer Online Forensic Evidence Extractor) comes in a USB key form factor, and was distributed to a small number of law-enforcement agencies last June. The device includes 150 tools that allow investigators to extract internet history files and “decrypt passwords”. COFEE also allows investigators to upload data for analysis.
The device is used by more than 2,000 officers in at least 15 countries, including Germany and the US. Microsoft supplies the technology to law enforcement agencies without charge. The tool reportedly allows investigators to scan for evidence on site without necessarily having to cart PCs back to a lab.
Computer forensics is a painstaking process carefully designed to make sure data on a suspect computer isn’t changed – simply plugging a device into a computer to extract data seems like a quick and dirty fix. The admissibility of such data in court in debatable even before we get into considering the possibility that the USB key might contain malware.
The extraction and analysis of digital evidence features in the investigation of more on more crimes, not just those specific to computers such as internet fraud and child abuse investigations. UK specialists said they’re struggling to cope with the volume of work from law enforcement clients. There’s a genuine problem here, but we’re not convinced COFEE is the solution.
Ironically, COFEE can not help investigators when Windows Vista is installed on suspect`s PC. COFEE can not decrypt files that were encrypted using BitLocker technology.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.