Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Sign in to follow this  
lord_casek

DECAFinate your COFFEE-Security related

Recommended Posts

The goods:

http://www.decafme.org/

 

The letters strung together in semi coherent babble telling you why you

need this and what it do.

 

http://www.wired.com/threatlevel/2009/12/decaf-cofee/

 

 

Hackers Brew Self-Destruct Code to Counter Police Forensics

 

 

Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid.

The hacker tool, dubbed DECAF, is designed to counteract the Computer Online Forensic Evidence Extractor, aka COFEE. The latter is a suite of 150 bundled, off-the-shelf forensic tools that run from a script. Microsoft combined the programs into a portable tool that can be used by law enforcement agents in the field before they bring a computer back to their forensic lab. The script runs on a USB stick that agents plug into the machine.

The tools scan files and gather information about activities performed on the machine, such as where the user surfed on the internet or what files were downloaded.

 

 

Someone submitted the COFEE suite to the whistleblower site Cryptome last month, prompting Microsoft lawyers to issue a take-down notice to the site. The tool was also being distributed through the Bit Torrent file sharing

 

 

This week two unnamed hackers released DECAF, an application that monitors a computer for any signs that COFEE is operating on the machine.

According to the Register, the program deletes temporary files or processes associated with COFEE, erases all COFEE logs, disables USB drives, and contaminates or spoofs a variety of MAC addresses to muddy forensic tracks.

The hackers say that later releases of the program will allow computer owners to remotely lock down their machine once they detect that it has fallen into law enforcement hands. The hackers, however, have not released source code for the program, which would make it easy for anyone to see if the program contains malware that might also harm a computer or allow the attackers to take control of it.

Update: The developers of DECAF have taken issue with Threat Level referring to them as hackers. “We’re just two developers who support the free flow of information and privacy,” one of them wrote Threat Level in an anonymous e-mail. “You could say we’re just average joes.”

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Some tits below:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

nice-tits-7825341.jpg

Share this post


Link to post
Share on other sites

Re: DECAFinated your COFFEE-Security related

 

read about COFEE, if the cops have your computer, isn't it just a matter of time before they can get whatever evidence they need, i mean short of melting your hard drive remotely, i don't think they would have a hard time restoring any data or anything like that

Share this post


Link to post
Share on other sites

"Average joes", haha.

 

This is another good case for off site backup. They should code something into DECAF that zeros the drives out if the LEOs try to counter the countermeasures.

Share this post


Link to post
Share on other sites

Re: DECAFinated your COFFEE-Security related

 

read about COFEE, if the cops have your computer, isn't it just a matter of time before they can get whatever evidence they need, i mean short of melting your hard drive remotely, i don't think they would have a hard time restoring any data or anything like that

 

 

If it's written over a bunch, it can hinder things. If you use kevin rose's technique

you'll be good.

Share this post


Link to post
Share on other sites

Re: DECAFinated your COFFEE-Security related

 

If it's written over a bunch, it can hinder things. If you use kevin rose's technique

you'll be good.

 

What about a JBOD? If you wipe one disk in the array it screws up the whole data table, right?

Share this post


Link to post
Share on other sites

arent you legally supposed to be given some headsup before they come into your house and touch all your stuff?

Share this post


Link to post
Share on other sites
arent you legally supposed to be given some headsup before they come into your house and touch all your stuff?

 

:lol: :lol:

like when they kick your door down? that kind of heads up?

Share this post


Link to post
Share on other sites

I aint got shit on my computer....its called a fun lil hard drive deletion program named Boot Nuke.

 

 

:edit: Although I dont keep incriminating crap on my computer anyways. I boot nuke for performance reasons.

Share this post


Link to post
Share on other sites
:lol: :lol:

like when they kick your door down? that kind of heads up?

 

better then nothing. you can atleast stick chewed up gum into all your USB slots, im more worried about them coming while im off at work or something.

Share this post


Link to post
Share on other sites

Seriously. If you are worried about the cops searching your hard drive you have issues and should be either up on this type of software or locked up. Or just smart enough to not keep incriminating shit on your computer.

Share this post


Link to post
Share on other sites
haha, its funnier when you know the things that lead to this.

 

 

With the Patriot Act being in place, sneak and peaks are more common than one might think.

 

A persistent cop in a larger city may take advantage of such things.

  • Like 1

Share this post


Link to post
Share on other sites
With the Patriot Act being in place, sneak and peaks are more common than one might think.

 

A persistent cop in a larger city may take advantage of such things.

 

lead read as led not leed.

Share this post


Link to post
Share on other sites
Guest T14K

DECAF, which supposedly disabled Microsoft's COFEE forensics tool, has been revealed as an elaborate hoax by its creators. Looks like it was created to draw attention to the fact that COFEE is actually not as effective a tool as they'd like—in fact, the hoaxers view COFEE as vastly inferior to properly trained forensics experts. So, we, like everybody else, got duped. Seems to us that software that actually could defeat COFEE would be make a stronger statement than a hoax, but we'll never know now. [seattle P-I]

link directly to this page:

http://gizmodo.com/5430123//gallery/gallery/2

read more: #remainders, #gizmodoremainders, #xperiax10, #android, #threewalrusmoon, #verizon, #iphone, #cofee, #decaf

Share this post


Link to post
Share on other sites

Register for a 12ozProphet forum account or sign in to comment

You need to be a forum member in order to comment. Forum accounts are separate from shop accounts.

Create an account

Register to become a 12ozProphet forum member.

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×