The COFEE (Computer Online Forensic Evidence Extractor) is a USB thumb drive that was distributed to a handful of law enforcement agencies last June.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence onsite.
More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the U.S., are using the device, which Microsoft provides free.
Microsoft general counsel Brad Smith described its use to the 350 law enforcement experts attending a company conference Monday.
“These are things that we invest substantial resources in, but not from the perspective of selling to make money,” Smith said. “We're doing this to help ensure that the Internet stays safe.”
Smith compared the Internet of today to London and other Industrial Revolution cities in the early 1800s. As people flocked from small communities where everyone knew each other, anonymity emerged in the cities and a rise in crime followed.
“The social aspects of Web 2.0 are like new digital cities,” Smith said. Publishers, interested in creating huge audiences to sell advertising, let people participate anonymously.
That's allowing “criminals to infiltrate the community, become part of the conversation and persuade people to part with personal information,” Smith said.
Children are particularly at risk from anonymous predators or those with false identities.
“Criminals seek to win a child's confidence in cyberspace and meet in real space,” Smith cautioned.
Expertise and technology like COFEE are needed to investigate cybercrime and, increasingly, real-world crimes.
“So many of our crimes today, just as our lives, involve the Internet and other digital evidence,” said Lisa Johnson, who heads the Special Assault Unit in the King County Prosecuting Attorney's Office. “A suspect's online activities can corroborate a crime or dispel an alibi.
“The 35 individual law enforcement agencies in King County, for example, don't have the resources to investigate the explosion of digital evidence they seize,” Johnson said. “They might even choose not to seize it because they don't know what to do with it. We've kind of equated it to asking specific law enforcement agencies to do their own DNA analysis. You can't possibly do that.”
Johnson said the prosecutor's office, the Washington attorney general's office and Microsoft are working on a proposal to the Legislature to fund computer forensic crime labs.
Microsoft also got credit for other public-private partnerships around law enforcement.
“Only 10 of 50 African countries have dedicated cybercrime investigative units,” Interpol's executive director of police services Jean-Michel Louboutin said. “The digital divide is no exaggeration. Even in countries with dedicated cybercrime units, expertise is often too scarce.”
He credited Microsoft for helping Interpol develop training materials and international databases used to prevent child abuse.
Smith acknowledged Microsoft's efforts are not purely altruistic.
“It benefits from selling collaboration software and other technology to law enforcement agencies, just like everybody else,” he said.
For more information, visit the Microsoft website.