Microsoft device helps police pluck evidence from cyberscene of crime

Microsoft device helps police pluck evidence from cyberscene of crime

seattletimes.nwsource.com

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands th

(visit the link for the full news article)

On one hand I can see where this device is useful, however I am not at all comfortable with anyone having a device that bypasses encryption of passwords and other security. Linux for all.

seattletimes.nwsource.com
(visit the link for the full news article)

I really don't like the idea that M$ is working with so many countries to undermine security of PC's. Think about the implications of this, Police have it, it can bypass your privacy, then used against you. Not to mention corporate theft, stealing information, the list goes on.

I'm going to watch this one with intense interest. I'm just wondering how this will be beaten by those more experienced in computers than those at MS.

TheBorg

I hadn't heard of this. Seems to me by giving these types of products away they unfairly undermine companies who charge big bucks for similar products or those knowledgeable to extract this data using available tools.

They are helping law enforcement either to corner the market or worse. I've always defended their practices in the past, but this one really bothers me. Maybe it is time Microsoft is truly broken up into smaller companies if this is what they want to pursue.

Smith acknowledged Microsoft's efforts are not purely altruistic. It benefits from selling collaboration software and other technology to law-enforcement agencies, just like everybody else, he said.

Once again Microsoft shows it's true colors, by giving some away and running the competition over. I would think being the creator of the O/S, collaborating with Law Enforcement would be illegal.

Potentially that would be equivalent of having law enforcement inside everyones computer, another words essentially giving Law enforcement a free ticket past our front doors and our bill of rights electronically inside everyones lives, homes, private space or private thoughts.

I wonder when Bill Gates said a computer in every household, if he meant a peeping cop in everyones living room? If Microsoft does betray its user base in that way and it is discovered they will become the most hated corporation in the history of the Earth.

Hmm, I'm gonna have to look further, Thanks for the post.


[edit on 30-4-2008 by verylowfrequency]

What scares me most about this is that M$ has always kept there API's private, they control the access points to the registry, so even using 3rd party software, it is very likely that any of their encryption can be bypassed by this device.

Essentially if you think you have your PC secured running Windows, you don't. I work in IT and I am very uneasy about this. I know that currently, the police have to have a warrant to access your computer if it is locked when they enter your house for whatever crime. With this, they can easily bypass that particular right.

Linux on the desktop needs to improve enough so that my kids can use it. Ubantu isn't bad, but still not quite ready.

www.networkworld.com...

An interesting read considering the topic here. Connection?

Originally posted by US Monitor
Think about the implications of this, Police have it, it can bypass your privacy, then used against you.

Yeah..............................................................


..................................................................ok.


Do you also have a problem with being pulled over for speeding, because it interferes with your privacy?

Originally posted by logician magician

Do you also have a problem with being pulled over for speeding, because it interferes with your privacy?

Yes, as a matter of fact I do - they're free to pull me over but they need to ask permission to open my glove box or rifle through my private things. As they don't have a god damn right to overstep their authority as they are our servants and good servants know their role.

However that is not what this thread is about and since it appears US Monitor's is in the computer biz as I too have been since 90' he knows what he's talking about and clearly either you don't care or you don't have a clue - unfortunately as the majority of people.

Obviously if you don't care about the concept of Search Warrants and then you won't care if any LEO enters you home anytime from anywhere without you permission. After all all LEO's have all of our best interest in mind don't they? Just like this state patrol cop. Would you trust him to pull you teenage daughter over? How about let him in her room? How about every room with a computer?

We have checks and balances to keep overzealous LEO's in check and to uphold the Constitution. Just because computers and networks were not conceived back then doesn't mean that they can be used as a means to bypass our rights and protections. Therefore it's important that we have public discourse on these matters, otherwise our rights will go down the tube.

However at this point the only thing I see as wrong is the anti-competitive behavior of Microsoft in regards the this matter. I don't think anyone is complaining about LEO's searching a computer with a legal search warrant in hand. I just don't think Microsoft should be sharing information or tools with them that it is not sharing with the rest of us - if they are than I think Microsoft is in for some deep trouble.

The fact that they are climbing into bed with Law Enforcement to somehow use that to get overlooked by our justice system is, scary. The rest is just speculation, however those of us who understand how they could abuse our trust this way think it's best to consider that before it becomes reality.

[edit on 1-5-2008 by verylowfrequency]

Originally posted by verylowfrequency

Originally posted by logician magician

Do you also have a problem with being pulled over for speeding, because it interferes with your privacy?

Yes, as a matter of fact I do - they're free to pull me over but they need to ask permission to open my glove box or rifle through my private things. As they don't have a god damn right to overstep their authority as they are our servants and good servants know their role.

I see. Do you think that a man who has been caught after a 10 minute high-speed chase should demand a search warrant for his laptop or cell phone?

reply to post by verylowfrequency

As they don't have a god damn right to overstep their authority as they are our servants and good servants know their role.

they are not " our " sevants in a singular sense - but the sevants of society as a whole

would you tell the police to sodd off , and leave you to murder your wife in peace ?

Originally posted by logician magician

I see. Do you think that a man who has been caught after a 10 minute high-speed chase should demand a search warrant for his laptop or cell phone?

Absolutely. Just because he abused his privilege to drive on the highway and ignored a request by a LEO to stop, he deserves to be charged with whatever crimes he has committed while attempting to evade them. He has only temporarily given up his freedom and by doing so means he will be arrested and a cursory search performed on his vehicle and it and it's contents if not illegal (drugs or weapons) will be impounded until such time that the suspect or his representatives choose to pick it/them up.

However if something is found in the cursory search of the suspect vehicle to lead them to believe there are other crimes which the LEO believes may be further exposed by searching phone records and computer files, they need to request a warrant from a judge to do so.

EDIT: On second thought if the fleeing suspect was seen using his phone, computer, or GPS while evading authorities such as for directions/support or live traffic info etc., then he was using those items as a tool to evade law enforcement and therefore they would be evidence to support that and thus subject too search. Still I think a warrant would be prudent.


[edit on 1-5-2008 by verylowfrequency]

[edit on 1-5-2008 by verylowfrequency]

reply to post by US Monitor


I don't know what passwords are those that it can decrypt, but if it can then those passwords were not encrypted in a good way.

For those that don't know it, system passwords (for example) like those on Unix/Linux or even Windows systems can not be decrypted, it's a one way system.

The password in not on the system, only the encrypted password. When we write the password this is encrypted using the same algorithm and compared with the encrypted password stored on the system.

The only way to do it is the "brute force" way, where all possible combinations are tested.

Reading the article, it says that "The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence", so it probably has some of the free tools that I use to do that kind of work (and other administrative work) on the computers for which I am responsible.

And that way of doing things can also be applied to Unix/Linux systems.

In fact, I hope that Linux does not get famous for being the system of choice of those that do not want the authorities nosing about their computers, that could lead to a direct connection; Linux system=anti-social user. That is much more dangerous, in my opinion.

Edit to add a link to a CNET article that explains it better that the article on the opening post.

[edit on 1/5/2008 by ArMaP]

Thanks ArMap for bringing this discussion back on track and with the new link that appears to quell our fears for the time being. Now I can quit with the paranoia for a couple days.

CNET Posted by Robert Vamos

Although Microsoft would not confirm any specific tools included within COFEE, it did say that all the tools were publicly available.

Several news reports have suggested that Microsoft is also providing law enforcement with new tools to defeat BitLocker in Windows Vista or access to a secret back door within Windows. A Microsoft spokesperson denied this, saying, "COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means."

That pretty much answers our fears, however I'm sure it's not the end.

[edit on 1-5-2008 by verylowfrequency]

Originally posted by logician magician

Originally posted by US Monitor
Think about the implications of this, Police have it, it can bypass your privacy, then used against you.

Yeah..............................................................


..................................................................ok.


Do you also have a problem with being pulled over for speeding, because it interferes with your privacy?

Nice attempt there to use a strawman argument. I suggest you look up privacy rights as they pertain to computers. The potential for misuse, and we know the Police NEVER abuse there authority, is enormous.

reply to post by ArMaP


Thanks for the CNET link, the link I used originally came from slashdot.org.

The thing about Windows, is that MS does not disclose all there API's thus they keep the OS closed and it has been a focus of the anti-trust cases of both the US and EU. Unlike Linus which uses an open source kernal, MS uses a registry that MS keeps the source code hidden. Now I don't have a problem with that, but as we have seen, they do create unique paths for IE, Office, among other programs and I have no doubt that they have there own backdoors into the OS security.

Now since it is claimed by MS that all these tools are available, I would have to see a complete listing of these commands.

Although Microsoft would not confirm any specific tools included within COFEE, it did say that all the tools were publicly available. A quick search by CNET revealed several free Windows-based digital forensic tool kits available for download. These include:

This secrecy adds fuel to the fire that these are not fully available to the public. M$ has proven itself to be untrustworthy and I am not at ease over this at all.

I would also be interested to hear what protection there is for the recovered data? Is it timestamped? Is it read only with no chance for tampering with?

reply to post by US Monitor


You are mostly right about Windows, but there are some things that I think should be more clear.

Microsoft does not publish all the API functions, making it possible for them (the ones that know all the functions) to use functions that make their products better when compared with other products that can not use those unpublished functions.

Companies that want to know all the API functions must pay for them, and that was one of the things the EU analysed in their anti-monopoly case.

The fact that Microsoft does not publish all the functions does not make Windows "closed", even if they published them all Windows would still be "closed" (when compared with open source) because the source code would still be unpublished.

Also, the registry has nothing to do with open source, the registry is just a place (in fact four files, if I remember it well) where data about the system (computer name, hardware installed, software installed, etc.) is stored.

All Windows source code is kept for Microsoft's use only, as most companies do with their products, open source software is still a small percentage of the software used.

The secrecy about the tools is probably because, if they are really freely available, anyone could do the same with the same (or better) tools, but it does not help Microsoft's point.

As for the protection of the recovered data I don't think the police is much worried about it, this is just a copy of the original data, but, at least for raw text files, they say that SH1 or md5 checksums are generated, and these are unique values that can not be the same if the data is changed after.

reply to post by verylowfrequency


They sure as hell don't need to ask for permission to check those things if they feel a serious crime has just been committed by you.

To whomever has the issue with Microsoft's supposed "predatory practices", welcome to capitalism! Please enjoy your stay. The antitrust suit against them was utterly ridiculous and was done purely and simply because they had built too powerfull a financial empire. It had NOTHING to do with breaking any laws, because they didn't break any laws. Has McDonald's ever been forced to reveal the secret of their secret sauce to another struggling competitor? Is Ford or GM required to design their vehicles to be compatible with parts from other manufacturers? Does the law require Nintendo to unlock their consoles and provide propietary coding information to other game companies so games can be made and sold that work with the Wii but are not licensed by Nintendo? No, no, and no. It is mind boggling to me that anyone can defend the prosecution of Microsoft when the only thing they did was follow the American dream and succeed at it. Corporate socialism in action, folks! If the competition can't put out a product that is superior and starts struggling, just get the government to bust down the leading company until everyone is back on the same level.

I wonder if people expressed this kind of fear when fingerprinting was developed? Which company provided those fingerprinting kits to the cops? Were they by any chance the patent holders of fingerprints actually being on man's fingers? Did God provide the kits? Very disturbing stuff that will ensure a tumultuous night's sleep for me tonight.

Originally posted by burdman30ott6

They sure as hell don't need to ask for permission to check those things if they feel a serious crime has just been committed by you.

They sure the hell do if they want to continue their lives amongst us, we started this country because we were fed up with that bull crap. They need to follow our laws and stay within the scope of our Constitution and Bill of Rights because our Civil rights take precedence above all else , and unless they have some valid evidence beyond "feel" they will keep their god damn hands off of other peoples private property or find themselves in the place they were attempting to put us in - a 5x7 cell or 7' under.

I was done with this thread until that remark practically calling me a criminal for standing up for everyones privacy. You could have said "THEM" in your sentence, but instead you choose "YOU" as an attack on me personally. Attempting to separate me and calling me a criminal for my beliefs and support of freedom and privacy. In reality it is you and your beliefs that undermine our great country and you and your thoughts are criminal in my opinion. It is those who think like you that are responsible for the deaths of thousands of Jews in the NAZI concentration camps. It is those like me who will stand up to you to see it doesn't happen again.

I have no respect for the dirty bastards who feel its okay to infringe on a persons privacy without due process. Maybe its time we had a death penalty for those who infringe on the privacy of people and find nothing to back their claims. Maybe they would be a little more careful how they proceeded.


[edit on 2-5-2008 by verylowfrequency]