Microsoft's Forensic USB Key Not As Evil As First Thought
Redmond (WA) - The initial uproar over news of Microsoft’s forensic USB key appears to be misplaced. Microsoft has confirmed that the drive is just a compilation of publicly available tools and adds that the USB-based toolkit does not "backdoor" or bypass any of Windows’ security features.
Seattle Times reporter Benjamin Romano wrote about Microsoft’s COFEE (Computer Online Forensic Evidence Extractor) device yesterday. Microsoft’s General Counsel Brad Smith described the small USB thumb drive to more than 350 law enforcement officers at a company conference on Monday. Approximately 2000 officers are currently using COFEE, which Microsoft gives away for free.
COFEE helps authorities copy sensitive data and contains 150 commands and tools that can analyze data and help decrypt passwords. Smith said police don’t need to physically seize a computer anymore with this device - they can simply pluck the data out and run.
As expected, there was some backlash from the public. Some computer users feared the device could bypass all encryption, which implicitly meant that Microsoft had inserted a backdoor into the operating system. Moreover, others believed the device could fall into the wrong hands.
Microsoft’s Smith and Associate General Counsel Tim Cranton followed up with the Seattle Times and described the device as basically a collection of publicly available tools, much like live security distributions such as Remote Exploit’s BackTrack CD (a great CD by the way). Cranton added that the device doesn’t contain any new tools, but is rather just an easy-to-use forensic tool. A Microsoft spokeswoman also told Romano that it does not circumvent any operating system protections like Vista’s BitLocker.
So there you have it - Microsoft basically created a USB thumb drive with a bunch of pre-existing security tools and probably goosed it up with a dialog box interface (Visual Basic, anyone?). Not really a big deal from a security viewpoint, but police departments are always strapped for cash and greatly appreciate any free tools they can get.
However, there is a big problem. There’s no mention of the COFEE device going through any discovery challenges in court. Many of the commercial forensic tools (like EnCase and AccessData) have been used thousands of times in local, state and federal court and have survived numerous hearings and objections. It will be interesting to see how well this device fares.




