Privacy Digest

NZ cops get 'COFEE' to capture PC evidence - New Zealand's source for technology news on - Via Stuff.co.nz :

New Zealand police have been given a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a prototype of a USB "thumb drive" that Microsoft has quietly distributed to a few law-enforcement agencies around the world.

A spokesman at police national headquarters said today: "Police have been issued with the COFEE tool by Microsoft and the E-Crime Lab's digital forensic analysts have been trained in the use of it".

New Zealand police had an excellent relationship with the software company, which had provided specialist training to digital forensic analysts and investigators, he said.

Overseas, experts in computer forensics have said the preconfigured, automated tool can carry out in 20 minutes, with the click of one button, 150 complex commands that previously required a manual process taking three to four hours.

Microsoft general counsel Brad Smith confirmed the device dramatically cut the time required to gather the digital evidence which is becoming more important in real-world crime, as well as cybercrime.

It can decrypt passwords and analyse a computer's internet activity, as well as data stored in the computer.

The tiny device also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

It was provided for free, Mr Smith told the Seattle Times newspaper, because the software company was working to help ensure that the internet stayed safe.

"It's basically a thumb drive that is like a Swiss army knife for law enforcement officials that are investigating computer crimes.

"If you're a law enforcement official and let's say you have access to a computer that might be used, for example, by a child predator, a lot of times they have information on their hard disk that's encrypted, and you've got that information off in order to have a successful investigation and prosecution.

"In the past, people would have to literally unplug the computer, they would lose whatever was in RAM. They'd have to transport it somewhere else, and it would take at least four hours, often more to get at the heart of the information."

COFEE was developed by Anthony Fung, a former Hong Kong police officer working as a senior investigator on Microsoft's internet safety team.

(Read Original Article - Via Stuff.co.nz .)

Editor: Thanks to a reader for this one.