lord_casek Posted December 15, 2009 Share Posted December 15, 2009 The goods: http://www.decafme.org/ The letters strung together in semi coherent babble telling you why you need this and what it do. http://www.wired.com/threatlevel/2009/12/decaf-cofee/ Hackers Brew Self-Destruct Code to Counter Police Forensics Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid. The hacker tool, dubbed DECAF, is designed to counteract the Computer Online Forensic Evidence Extractor, aka COFEE. The latter is a suite of 150 bundled, off-the-shelf forensic tools that run from a script. Microsoft combined the programs into a portable tool that can be used by law enforcement agents in the field before they bring a computer back to their forensic lab. The script runs on a USB stick that agents plug into the machine. The tools scan files and gather information about activities performed on the machine, such as where the user surfed on the internet or what files were downloaded. Someone submitted the COFEE suite to the whistleblower site Cryptome last month, prompting Microsoft lawyers to issue a take-down notice to the site. The tool was also being distributed through the Bit Torrent file sharing This week two unnamed hackers released DECAF, an application that monitors a computer for any signs that COFEE is operating on the machine. According to the Register, the program deletes temporary files or processes associated with COFEE, erases all COFEE logs, disables USB drives, and contaminates or spoofs a variety of MAC addresses to muddy forensic tracks. The hackers say that later releases of the program will allow computer owners to remotely lock down their machine once they detect that it has fallen into law enforcement hands. The hackers, however, have not released source code for the program, which would make it easy for anyone to see if the program contains malware that might also harm a computer or allow the attackers to take control of it. Update: The developers of DECAF have taken issue with Threat Level referring to them as hackers. “We’re just two developers who support the free flow of information and privacy,” one of them wrote Threat Level in an anonymous e-mail. “You could say we’re just average joes.” Some tits below: Quote Link to comment Share on other sites More sharing options...
Qawee Posted December 15, 2009 Share Posted December 15, 2009 Re: DECAFinated your COFFEE-Security related read about COFEE, if the cops have your computer, isn't it just a matter of time before they can get whatever evidence they need, i mean short of melting your hard drive remotely, i don't think they would have a hard time restoring any data or anything like that Quote Link to comment Share on other sites More sharing options...
shai Posted December 15, 2009 Share Posted December 15, 2009 "Average joes", haha. This is another good case for off site backup. They should code something into DECAF that zeros the drives out if the LEOs try to counter the countermeasures. Quote Link to comment Share on other sites More sharing options...
lord_casek Posted December 15, 2009 Author Share Posted December 15, 2009 Re: DECAFinated your COFFEE-Security related read about COFEE, if the cops have your computer, isn't it just a matter of time before they can get whatever evidence they need, i mean short of melting your hard drive remotely, i don't think they would have a hard time restoring any data or anything like that If it's written over a bunch, it can hinder things. If you use kevin rose's technique you'll be good. Quote Link to comment Share on other sites More sharing options...
shai Posted December 15, 2009 Share Posted December 15, 2009 Re: DECAFinated your COFFEE-Security related If it's written over a bunch, it can hinder things. If you use kevin rose's technique you'll be good. What about a JBOD? If you wipe one disk in the array it screws up the whole data table, right? Quote Link to comment Share on other sites More sharing options...
lord_casek Posted December 15, 2009 Author Share Posted December 15, 2009 I think so....a nice nuker would work Quote Link to comment Share on other sites More sharing options...
acer910 Posted December 15, 2009 Share Posted December 15, 2009 arent you legally supposed to be given some headsup before they come into your house and touch all your stuff? Quote Link to comment Share on other sites More sharing options...
Qawee Posted December 15, 2009 Share Posted December 15, 2009 arent you legally supposed to be given some headsup before they come into your house and touch all your stuff? :lol: :lol: like when they kick your door down? that kind of heads up? Quote Link to comment Share on other sites More sharing options...
ShortFuse Posted December 15, 2009 Share Posted December 15, 2009 I aint got shit on my computer....its called a fun lil hard drive deletion program named Boot Nuke. :edit: Although I dont keep incriminating crap on my computer anyways. I boot nuke for performance reasons. Quote Link to comment Share on other sites More sharing options...
acer910 Posted December 15, 2009 Share Posted December 15, 2009 :lol: :lol: like when they kick your door down? that kind of heads up? better then nothing. you can atleast stick chewed up gum into all your USB slots, im more worried about them coming while im off at work or something. Quote Link to comment Share on other sites More sharing options...
iloveboxcars Posted December 15, 2009 Share Posted December 15, 2009 haha, its funnier when you know the things that lead to this. Quote Link to comment Share on other sites More sharing options...
john_gacy Posted December 15, 2009 Share Posted December 15, 2009 HACKERS: SAVING CHILD PORN DOWNLOADERS EVERYWHERE Quote Link to comment Share on other sites More sharing options...
gasfacevictm Posted December 15, 2009 Share Posted December 15, 2009 Seriously. If you are worried about the cops searching your hard drive you have issues and should be either up on this type of software or locked up. Or just smart enough to not keep incriminating shit on your computer. Quote Link to comment Share on other sites More sharing options...
Swindle Posted December 15, 2009 Share Posted December 15, 2009 terrorists win Quote Link to comment Share on other sites More sharing options...
Cool Water Posted December 15, 2009 Share Posted December 15, 2009 You take the point. Quote Link to comment Share on other sites More sharing options...
Veritably Clean Posted December 15, 2009 Share Posted December 15, 2009 if cops raided my house i would just use this Quote Link to comment Share on other sites More sharing options...
lord_casek Posted December 15, 2009 Author Share Posted December 15, 2009 haha, its funnier when you know the things that lead to this. With the Patriot Act being in place, sneak and peaks are more common than one might think. A persistent cop in a larger city may take advantage of such things. 1 Quote Link to comment Share on other sites More sharing options...
~KRYLON2~ Posted December 16, 2009 Share Posted December 16, 2009 nice tits Quote Link to comment Share on other sites More sharing options...
iloveboxcars Posted December 16, 2009 Share Posted December 16, 2009 With the Patriot Act being in place, sneak and peaks are more common than one might think. A persistent cop in a larger city may take advantage of such things. lead read as led not leed. Quote Link to comment Share on other sites More sharing options...
TheoHuxtable.. Posted December 16, 2009 Share Posted December 16, 2009 Quote Link to comment Share on other sites More sharing options...
Guest T14K Posted December 19, 2009 Share Posted December 19, 2009 DECAF, which supposedly disabled Microsoft's COFEE forensics tool, has been revealed as an elaborate hoax by its creators. Looks like it was created to draw attention to the fact that COFEE is actually not as effective a tool as they'd like—in fact, the hoaxers view COFEE as vastly inferior to properly trained forensics experts. So, we, like everybody else, got duped. Seems to us that software that actually could defeat COFEE would be make a stronger statement than a hoax, but we'll never know now. [seattle P-I] link directly to this page: http://gizmodo.com/5430123//gallery/gallery/2 read more: #remainders, #gizmodoremainders, #xperiax10, #android, #threewalrusmoon, #verizon, #iphone, #cofee, #decaf Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.