Cryptome posts Microsoft COFEE forensic toolkit

Computer Online Forensic Evidence Extractor (COFEE) is a modified USB flash drive for investigators for quick extraction of forensic data from Windows computers that are suspected to contain evidence of criminal activity. It allows investigators to search through data onsite as an automated forensic tool. The device, developed by Microsoft, is activated by being plugged into a USB port, and purportedly contains 150 commands that can dramatically cut the time it takes to gather digital evidence (estimates cited by Microsoft state that a job that previously took 3-4 hours can be done with COFEE in as little as 20 minutes]). These commands offer such functions as the ability to decrypt passwords, search a computer's Internet activity, and analyze the data stored on a computer — including data stored in volatile memory, which could be lost if the computer were shut down for transport to a lab. Microsoft provides COFEE devices and online technical support free to law enforcement agencies.

wiki COFEE

COFEE by Microsoft

and now you too can have your own copy of COFEE by visiting the link below:

uncompiled

This is all over the torrent scene as well. It had piqued the interests of many who deal with network/IT security but it is highly overrated. I think a lot of people were expecting a toolbox which delved a bit deeper into forensics and investigations. Yes it is handy but its a dressup for tools that already exist but are presented with a GUI to help the less mentally fortunate (read government/law enforcement folks). I still prefer Helix myself for incident response and the like, but you can never have enough tools.

brill

stolen laptop was taken from the victim’s place of business but wasn’t reported to Absolute Software for several months. When the Absolute Investigations team began monitoring the device, it was determined to be connecting from Kosovo. Further investigation revealed the laptop resumed connections in Switzerland, and evidence was collected identifying a location and suspected user. Thanks to the summary provided by the Absolute Investigations team, Swiss authorities were then able to recover the device and return it to the owner. 

A reliable forensic recovery tool can be a nice complement to existing data recovery plan. most popular computer forensic tools and equipment described in the article www.cleverfiles.com... This advanced approach is aiding law enforcement in criminal investigations, while helping organizations add another layer of reliability to their backup plans. Forensic recovery helps IT specialists recover data that has been accidentally deleted, intentionally erased, or damaged through corruption.