Over 10,000 customers served

Like us on Facebook Review us on Yelp Pin us on Pinterest Tweet us on Twitter Google Plus Follow us on Foursquare

310.948.0588 9415 Culver Blvd no.102 Culver City, CA 90232

DECAF renders Microsoft’s COFEE Obsolete

In retaliation against Microsoft’s Computer Online Forensic Evidence Extractor (COFEE), which frequently helps law enforcement officials extract data from password-protected or encrypted sources, two talented developers have created what they call “Detect and Eliminate Computer Assisted Forensics” (DECAF), to be used as a counter intelligence tool. It was specifically designed to thwart the Microsoft forensic toolkit. DECAF works by monitoring the computer it’s been installed on for any indications that COFEE may be operating on the machine and does everything in its power- which is quite a bit- to stop COFEE from getting through.

More specifically, the program goes about deleteing COFEE’s temporary files, killing its processes, erasing all COFEE logs, disabling USB drives, and even contaminating or spoofing a variety of MAC addresses in order to muddy its own forensic tracks. DECAF can be directed to disable almost every single piece of hardware on a machine while deleting pre-defined files in the background. The 181KB DECAF program even has a ‘Spill the cofee’ mode, in which it simulates COFEE’s presence, a kind of playing against the computer, to allow the user an opportunity to test his or her configuration before even putting the program to use.

The source code for DECAF has not been made available to the public as of yet, and this is because the authors fear it might be reverse engineered. This leaves it unclear as to  what else the tool might be capable of and whether or not it is completely safe to use. DECAF’s developers say they want future versions of the program to allow computer owners to remotely lock down their machine via text message or e-mail if they ever detect that it has somehow fallen into the hands of law enforcement. It will even be able to send out notifications to other parties in the case of such an emergency. Courtesy of  arstechnica.com

You might also be interested in:

Voted no.1 IT Sevices in Los Angeles

Top Rated Laptop Repair in Los Angeles!

9415 Culver Blvd. #102 Culver City CA 90232
(310) 948-0588 | info@marvistec.com
Mon-Fri 9:00am - 6:00pmSat 10:00am - 2:00pm