By Preston Gralla, Contributing Editor, Computerworld |

About |

Seeing through Windows offers insightful, clear-eyed commentary about Microsoft and all its technologies, from Windows to mobile to Office and beyond. You'll also find breaking news, tips and tricks.

News Analysis

Who exactly is using Microsoft's new COFEE security tool?

Microsoft recently has been getting a lot of press for its COFEE investigative tool to help police officers gather digital evidence. The device is being used by 2,000 officers in 15 countries, reports the Seattle Times. But Microsoft won't reveal exactly which countries use the tool --- and it's not clear why.

The Seattle Times reports that Microsoft's Computer Online Forensic Evidence Extractor, (COFEE) is a USB thumb drive that

...contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

There's nothing dramatically new or magic about COFEE; primarily it gathers many existing tools onto a single thumb drive, and allows them to be used easily. Contrary to some conspiracy buffs, it doesn't offer a back door into Windows, or circumvent Vista's Bit Locker encryption. It's available to law-enforcement officials for free.

Microsoft says that the tool is designed only to be used by law-enforcement officers, and only when they receive proper authorization. Here's part of a statement Microsoft sent to me about COFEE:

COFEE is part of the tools and training that Microsoft provides to law enforcement around the world. It is designed to be used only in circumstances where proper legal authority has been given, such as a court ordered warrant. COFEE is reserved specifically for law enforcement.

The Seattle Times says that COFEE is used by 2,000 police officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States.

For some reason, though, Microsoft refuses to reveal what other countries use the device. There's a reasonable chance that it's being used in China, because according to Microsoft, COFEE "was first conceived in 2006 by Anthony Fung, formerly of the Hong Kong Cybercrime Police Unit, as a way to simplify the collection of critical volatile evidence at computer crime scenes."

As for what other countries use it, Microsoft remains mum. When asked for a complete list of governments using COFEE, a Microsoft spokesperson had this to say via email:

Unfortunately, we're unable to address that request at this time.

Draw your own conclusions; that's all the company will say.

Like this blog? Subscribe to the RSS feed!

Preston Gralla is a contributing editor for Computerworld and the author of more than 45 books, including Windows 8 Hacks (O'Reilly, 2012) and How the Internet Works (Que, 2006).

It’s time to break the ChatGPT habit