First published: 14th November 2009
Microsoft's free law-enforcement-only live forensics tool, COFEE, has been posted to a file-sharing site, in violation of the license conditions. Microsoft has downplayed the leak, Richard Boscovich, senior attorney for Microsoft's Internet Safety Enforcement Team said, "we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to 'build around' to be a significant concern", adding that it is a simple, customisable collection of forensic tools, "already commonly used around the world".
Graham Cluley, Senior Technology Consultant at Sophos, asked in his blog, "what's to say that the bad guys couldn't analyse COFEE, and write their own code which neutralises it (or wipes sensitive data from their computer) if they determine it is being run on their own computer?".
Hong Kong Police were an early adopter of COFEE.