There is a lot of incorrect information going around the Internet right now about how Microsoft is helping out law enforcement with some forensic tools they are providing on USB drives. The tool is called COFEE (Computer Online Forensic Evidence Extractor), and over 2,000 of these handy little things have been given out to 350 different agencies. Their goal: to help collect data from PCs that are part of an investigation.
Many sites out there are classifying this as the secret backdoor that we’ve all assumed has been in Windows since its conception. Some are claiming that in seconds the tool will hand over all of your passwords and decrypt any information on your hard drive. That’s an interesting concept, but not exactly how it works.
Ed Bott thankfully jumped all over the ridiculous assumptions people were making about how these tools worked. The original article from the Seattle Times even includes an update straight from a Microsoft spokeswoman saying that the tool “does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret ‘backdoors’ or other undocumented means.”
Tools like this are not anything new, and merely automate the process of grabbing specific data from hard drives. There’s even a tool called USB Switchblade that can stealthily get system information, the local password database, Microsoft product keys, wireless network passwords, browser/email passwords, browsing history, and more. It can do all of that by plugging in a USB device and giving it about 45 seconds to run.
There really haven’t been any details as to what the 150 tools on the device actually do, but you can bet it’s nothing that a forensics team can’t already do given a little more time. It’s said to do 4 hours’ worth of work in 20 minutes thanks to a lot of automation, but it’s not using any super-cool backdoors that only Microsoft knows about. Sorry, but I guess that secret backdoor is still resting safely in the Microsoft vault. I mean really, if I created an awesome backdoor in an operating system being used by hundreds of millions of people, I wouldn’t go blatantly handing it out. I’d do something cool like start a website that only provides leaked info about products and services using information retrieved from top-secret PCs. ;)