Computer Online Forensic Evidence Extractor (COFEE)


  • The Seattle Times reported 4/29/2008 that Microsoft is distributing a USB Flash drive device that has 150 commands that can decrypt passwords, analyze Internet activity, analyze data that are stored in a computer and carry out other unspecified functions.
    If true, the existence of this software would appear to be a major security software risk for Microsoft operating systems.
    Interestingly, a search for COFEE turns up only references to coffee.

    Saturday, May 17, 2008 8:18 PM


  • Hello,


    I'm afraid that the report in the link you shared is not quite accurate.


    As you know, privacy is a key pillar of Trustworthy Computing at Microsoft and involves working to help place people in control of their personal information through effective business practices and privacy-enabling technologies. Microsoft regards the protection of personal identifiable information as a vital foundation of trust, and it regards customer trust as critical to the success of its business.


    COFEE is a framework that law enforcement can use to leverage publically available forensic tools to access information on a live Windows system.

    Please note, the tool is designed for use by Law enforcement only with proper legal authority. Moreover, COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret “backdoors” or other undocumented means.


    Therefore, COFEE does not access a secret backdoor into Windows.


    I hope this helps. Thanks.



    Tuesday, May 20, 2008 2:22 AM