Microsoft COFEE, the Most Illegal Stuff You Can Pirate?

HardOCP News

Downloading and using software intended for law enforcement use only is a really bad idea. Seriously.

Yep, it's all out there on the internet, but if you use it to grab private data from someone else's computer chances are you're in for a world of legal hurt. It's one of the few pieces of software I can think of where the subsequent use is more illegal than the act of downloading it.
 
Oh man, this is just too funny. Seriously folks, real depts don't need or use this bs software, but it does go to show the lengths to which a corporation will go to cooperate with law enforcement. I know for a fact that the pen and data analysis tools used by high tech task forces in major depts (i.e. LA, NY, not some podunk sheriff county dept) are either freely available or hand-rolled software... you just have to have the skill or training to use them.
 
as in major antivirus/antispyware suites will overlook it? (not that i have anything to hide :p)

Now that it is out on the net, perhaps our anti spyware and A/V should not be overlooking any more.
 
Eh, how useful is this if somebody is running Ubuntu or OSX? What about Win7 and BitLocker? Any Computer Forensic Expert worth his salt will not be relying on this piece of software to catch criminals.

Nate
 
This is exactly why leaving back doors in encryption so law enforcement can still access it is a bad idea. Might as well not encrypt anything if people can just download software to bypass it, even if it is "MADE FOR LAW ENFORCEMENT".
And I am sure that the "FREEWARE" versions of it are also not legal, as they're just renamed versions of COFEE basically.
 
...doesn't help much if a rootkit designed for law enforcement is logging your keys and copying your hashes (don't know if those can specifically do this).

na, if you read the article it sounds like it's just meant to get you into a machine after it has been collected as evidence...

basically like what you could do with say, a Hiren's boot cd... just from MS
 
Except it's made by the company that makes the OS most people are using.. So it makes one wonder what MS has programmed into the OSs to specifically work in conjunction with COFEE to subvert any security software added to the OS, as well as probably acting as a universal passkey to bypass any Microsoft designed security software.

Damn, maybe I'd better stop before I wind up sounding like a tin foil hat wearing mofo. :D

I'm just not very keen on close corporate/government relationships. It just seems in those situations the little guy winds up taking it in the ass in some way every time.
 
not really any less secure than going to a linux box in single user mode and resetting the root password...

face it ANY os in its vanilla state is going to be pretty easy to get into if you have the box in front of you... hell you can just take out the HD and put it in a USB enclosure and get whatever you want off of it 99% of the time
 
But if you use it to grab private data from someone else's computer chances are you're in for a world of legal hurt. It's one of the few pieces of software I can think of where the subsequent use is more illegal than the act of downloading it.

That's nice of the article to say, however they fail to mention which law one would be breaking via the use of such software.

Could someone please enlighten me on this subject? I use software with similar functionality all the time in my job for legitimate data recovery purposes. Is there really a law which specifically names the techniques utilized by such applications? Or is this one of those vague cases where the intent is defined somewhere under law, more so than the technical specifics?

In any case, could somebody please find the law these people are alluding to. Truly, I want to know.
 
These are the things that I want to know...
 
...doesn't help much if a rootkit designed for law enforcement is logging your keys and copying your hashes (don't know if those can specifically do this).

TrueCrypt isn't written by MS and is based on open encrypted standards. This "COFEE" software wouldn't be helpful with a TrueCrypt partition.
 
I use linux loopback aes-256 with 20 character strong password. It's where I keep my nuclear weapons how-to guide. :D
 
I'll weigh in on this just for the fun of it. I spent 10 years working as the Director of Information Technology for a County in the Midwest. During that time I worked very closely with the Sheriff's Dept, on several occasions assisting with the collection of forensic data on computers. I also gave lectures to LEOs on how to gather electronic evidence at crime scenes and the proper protocols and procedures that they should use. They were also taught how to recognize what "is" electronic evidence (you can all imagine how many gadgets can store data). All of my training materials were provided to me by the FBI and Secret Service; they have some great publications and field guides. I also was a guest lecturer on forensics at a nearby college and wrote my own bootable Linux forensics toolkit CD. So I'd like to think I have a bit of experience in the area.

In the world of local law enforcement many of the comprehensive tool suites such as EnCase are very cost prohibitive. Things like portable disk duplication hardware with write blockers can end up costing thousands of dollars for a single kit. So free tools are looked at with great interest. COFEE is one such tool. Sure, there are plenty of freeware and GPL products that can do the same things, but what local LEOs do not have in most cases is dedicated personnel who can take the time out from their regular duties to learn to use these applications and to keep up with developing technology. Another important aspect of the tool suites is the report generating; keep in mind that you need to be able to produce evidence in a way that can be presented to a judge and jury in most cases. Being easy to read, follow and understand is essential. It also helps greatly if the suite has been used in other cases around the country that you can use for citations. Meaning that it has been successfully court tested.

Is software like this illegal to use? Well that depends. As with most things intent has a lot to do with it. Accessing somebody else's machine without permission, this will get you into hot water. Using a forensic tool to recover lost data for a client who owns the machine, not at all.

I can't say as to whether using COFEE for legitimate purposes without being a LEO would get you into trouble or not. I guess that would depend on if the EULA is enforceable or not where you live.
 
TrueCrypt isn't written by MS and is based on open encrypted standards. This "COFEE" software wouldn't be helpful with a TrueCrypt partition.

I know, but you have to use your credentials to encrypt or access the data encrypted by it, which can easily be stolen with OS tools.
 
COFEE is simply to collect data of people doing stupid stuff, not computer criminals. Usually the guys seizing your stuff if you have done something stupid with viri or hacking into a bank etc... is the Secret Service as part of their counterfeiting tasking. It also cuts down on the human errors that can get a case thrown out because they can't prove that the evidence on the device was put there by the defendant.

The guys you want to worry about are the guys using an EMI scan of your hard drive then going over the data with a hex reader to see what is there. As part of the DC3 2009 Challenge, which I still think is mostly to find new job candidates, they gave us a bunch of files and told us to find out anything we could and write down the methods and tools we used. Most of the data was easy to pull just using something like reshack or an IDE that can parse binary into hex data. I mostly use reshack to build a modified GINA. But the funny thing is that this also prevents most of the simple solutions to getting into the machine, as long as you rebuild the GINA and replace the MSGINA.
Not that that would stop someone who was determined enough to get into the machine. As any system that requires interaction can be broken into and any device that requires an electronic lock has the key in it already.
 