Hackers Release Anti-Forensics Tool


Microsoft’s Computer Online Forensic Evidence Extractor package, commonly known simply as COFEE and mounted on a USB key, has been countered by a tool released under the name of “Decaf.”

COFEE caused a stir when it was released to the web-based piracy world at large, with many sites hosting all kinds of dubious content eventually deciding that they’d be a lot happier if the software wasn’t there. Still, COFEE has been passed around a fair bit by now, so it’s not too surprising to see the Register reporting that COFEE has been cracked, with the release of Decaf effectively negating the tool.

Decaf is a relatively simple tool that users can set to run quietly in the background on any machine they’re using. All it does is sit tight until a USB stick with Microsoft’s COFEE is inserted, at which point it launches “a variety of countermeasures” that nullify the Microsoft forensics tool.

For those who have some reason to be particularly guarded about the contents of their machine, it’ll be welcome news, though many will question just why anyone would need such a device for any legal reason.

Still, the brains behind Decaf seem to consider it a point of principal, saying of the tool, “We want to promote a healthy unrestricted free flow of internet traffic and show why law enforcement should not solely rely on Microsoft to automate their intelligent evidence finding.”

Surely the most curious thing about the whole affair is that the tool comes from Microsoft itself, and that seems to be what the folks behind Decaf take issue with. If nothing else, we’ll be curious to see how long it takes before we hear that there’s a new version of COFEE in use that negates Decaf… it could be the beginning of a bit of a forensics/counter-forensics arms-race.

Tags: , , , , , , , , , , , ,

2 Responses to “Hackers Release Anti-Forensics Tool”

  1. Barry Says:

    I read about this yesterday, cant understand why they would make such a tool! Who would need a program such as Decaf, why stop law enforcement agencys from doing their jobs, every paedophile is going to have this, you see “hackers” taking down child porn websites then they bring out a tool…just for them!

    • komplettie Says:

      Yeah, I can’t think of a single legal reason to use it, but at the same time I have a really awkward feeling someone will post a great example of a reason it’s useful/attractive to people who aren’t guilty of any wrongdoing at all 😉

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: