Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes. The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer. It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site. More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.
I already assume anything on my Windows partition can be seen by just about anyone who really wants to get at it. Whether that's the police, the NSA, or some hacker in Bucharest. Security under Windows is an illusion.
"How long before this device is in the hands of the hacker community? Months? Days? Hours? They had a copy before it was released?" - bruce_schneier
Z0MG!!1! ZER0 D4Y NETWERKZ INTRUZION \/\/4R3Z D00DZ!!!1!!! ;D