Great effort was taken to ensure that the COFEE execution process leaves the smallest footprint possible on the target machine. This aids in the reliability of the collected data, as well as the integrity of the target machine. It is also vital that all operations conducted on a target machine be documented to the best extent possible. When applying Reconnaissance, Relevancy and Reliability to the live forensics investigationĮnvironment, it is paramount that any investigative tool used should operate in the least intrusive way.
In any digital forensics investigation, the investigator should always attempt to achieve the maximum amount of data acquisition while having a minimal effect on the integrity or accuracy of the data. In any digital forensics investigation, digital forensics specialists and legal advisors should ensure the balance between the three main attributes: Reconnaissance, Relevancy and Reliability of the digital evidence.
The command line application was developed for controlling and executing a set of selected tools on the target machine.ĭigital Forensics Attributes and Principles: The GUI interface was developed for managing the tool selection, generating scripts, loading programs onto a USB device, and creating a report from the collected data. Computer Online Forensic Evidence Extractor ( COFEE) is a live information and volatile data forensics acquisition system. There are two major types of live forensics investigation tools – Live Information Acquisition tools and Remote Online Acquisition tools.
Microsoft cofee v1.1.2 verification#
Access to the COFEE product requires verification of employment with a law enforcement agency and agreement to the terms and conditions of the Microsoft/ NW3C Sublicense Agreement.ĬOFEE consists of three major components: the GUI interface for the investigator, the command line application to be executed on the target machine, and the individual tools which are managed by COFEE and the command line application. Distribution is limited to law enforcement agencies.
COFEE means the Computer Online Forensic Evidence Extractor tool that fits on a USB drive and automates the execution of commands for data extraction and related documentation. MICROSOFT COFEE v1.1.2- is being made available to individuals employed by law enforcement agencies within the United States and Canada.
0 kommentar(er)
