Agape Blog

A police officer rushes on to a crime scene, plays with the computer and executes some 150 evidence gathering commands in 15 minutes. A scene from CSI? No, this is a common scene for investigating police officers; thanks to Microsoft.

Microsoft had released a free tool (Beta version) called - Computer Online Forensic Evidence Extractor (COFEE), that can be loaded onto a portable device such as a USB drive. COFEE automates some 150 evidence-gathering commands for computers in short time. This tool was available only to law enforcement agencies to test the functionality and strength of the tool. Being a Microsoft product, COFEE is designed to extract information from Windows-based systems only.

The best part with the tool is that an officer with “no or basic training” can extract the data in about 15 minutes and maintain its integrity. It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

Many law enforcement agencies in around 15 countries, including Poland, Philippines, Germany, New Zealand and the United States have been using COFEE to crack a variety of online crimes and recover digital evidence. And seeing the success of the beta version, Microsoft has decided to roll out its release version soon, with more features.