Microsoft Tool Helps Police With Computer Forensics

Microsoft has developed a small computer tool that police can use to easily pull forensic data from computers used in crimes.

The device is called COFEE ( Computer Online Forensic Evidence Extractor ) and it is a USB “thumb drive” that has been tested by a small group of law-enforcement agencies since June 2007.

COFEE contains 150 software commands that cut the time required to gather computer evidence. Computer forensics is becoming more important in both real-world crime, as well as cybercrime. The tool can also break passwords; analyze a PC’s internet activity and other computer activities.

COFEE also eliminates the need to seize an entire computer, which typically involves disconnecting it from a network, turning off the power and possibly losing electronic data in the process. The portable device allows investigators to can scan PC’s for evidence on site.

More than 2,000 police officers and investigators around the world are using the tool, which Microsoft is providing for free.

Lisa Johnson, head of the Special Assault Unit in the King County Prosecuting Attorney’s Office said, “So many of our crimes today, just as our lives, involve the Internet and other digital evidence,” further noting that “A suspect’s online activities can corroborate a crime or dispel an alibi.”