Police Can Seize Computer and Cyber Evidence Quicker and Easier

April 30, 2008 by David S. Seltzer

According to a recent news article delivered to me by a friend of mine, Mark Mulroney, the technology used to search a suspect’s computer has taken a giant leap forward. No longer are police and investigators required to track cables, label machines, and photograph the exact location of every device. With this new device from Microsoft, the Computer Online Forensic Evidence Extractor, commonly referred to as COFEE, law enforcement can literally have your information at their fingertips.

COFEE is a USB thumb drive that contains 150 commands that can dramatically cut the time it takes to gather digital evidence, decrypt passwords, and analyze a computer’s Internet activity, as well as data stored in the computer. What could have taken days, weeks, and months to crack can now be done in a fraction of the time. What does this mean? Well, let’s look at it from a law enforcement point of view.

For law enforcement, it means less time on scene taking down computers and quicker analyses of machines (possibly depending on the purpose of the investigation), to name a few benefits. That means faster turn-around time on pending investigations and prosecutions, and ultimately it could save law enforcement a lot of time and money, which we all know they can use with budget cuts all over the country, especially in Florida.

What does this mean for the non-law enforcement individuals? Well, for now, until the entire scope of what this device is capable of is known, not much will change. I am certain that this device will be challenged as to the authenticity of the material recovered. I have yet to see how exactly it can re-create a clone or image of a hard drive, which is what is needed to preserve the integrity of a computer’s hard drive. It looks like all this does is a quick search of the drive for whatever the investigation calls for. Some interesting discussions that may follow as a result of this are whether or not inserting a thumb drive into a computer can trigger a virus, alter any computer data, or trigger a program, all of which can compromise data. I am sure Microsoft has explored all those possibilities, but as the world goes, so do technological advances, and someone will figure out a way to trip this device up. It is inevitable. Food for thought: what happens if this gets into non-law-enforcement hands, then what…?

For more information on COFEE, check out:

Microsoft device helps police pluck evidence from cyberscene of crime

Microsoft Calls on Global Public-Private Partnerships to Help in the Fight Against Cybercrime

Microsoft COFEE (Computer Online Forensic Evidence Extractor) for law enforcement