Microsoft Digital Forensics Tool Leaks Online

A secretive Microsoft utility called Computer Online Forensic Evidence Extractor (COFEE) has leaked online. An automated digital forensics tool for law-enforcement agencies, COFEE isn't available legally to individuals.

"COFEE brings together a number of common digital forensics capabilities into a fast, easy-to-use, automated tool for first responders. And COFEE is being provided—at no charge—to law enforcement around the world," a description of the tool reads.

"With COFEE, law-enforcement agencies without on-the-scene computer-forensics capabilities can now more easily, reliably, and cost-effectively collect volatile live evidence," the description continues. "An officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a preconfigured COFEE device. This enables the officer to take advantage of the same common digital-forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer."

Microsoft ships COFEE on a tiny USB device to law-enforcement agencies in almost 190 countries worldwide. The company has been working with Florida State University and University College Dublin to develop future versions of COFEE that can adapt to the evolving needs of digital forensics.

Security researchers point out that COFEE provides no useful tools for individuals, though of course it's possible that criminals might investigate how the code works to find ways around its capabilities.

The most important aspect of this story, of course, is that I avoided obvious headline puns such as "Microsoft COFEE Leaks Online," "Microsoft COFEE: HOT!" or "CSI: Redmond." You're welcome.