Update: All DECAF versions have been automatically de-activated. The authors have posted a manifesto that encourages people to cooperate for better computer security and support law enforcement under the banner of Jesus.
As a follow-up to the recent HTZ 8 article reviewing COFEE, "Hot piping COFEE enema", Wired has a story covering the release of DECAF, a tool for detecting and eliminating computer forensics software.
Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid.
The hacker tool, dubbed Decaf, is designed to counteract the Computer Online Forensic Evidence Extractor, aka Cofee. The latter is a suite of 150 bundled, off-the-shelf forensic tools that run from a script. Microsoft combined the programs into a portable tool that can be used by law enforcement agents in the field before they bring a computer back to their forensic lab. The script runs on a USB stick that agents plug into the machine.
The police-only forensics tool made by Microsoft to capture forensics data from a live system has been leaked online. The tool, COFEE, has been the subject of much speculation by the tech media, who now finally have a chance to see it. According to reports, it grabs process information, network data, user passwords, and all sorts of information. Could the methods needed to gather that data be exploited by others? Given Microsoft's security history, the answer is most likely.
Admins at the torrent site what.cd, in an act of betrayal and comedy, refused to host the torrent. “Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff,” said What.cd management in a statement. While the popo are scary, trying to stifle the spread of a program like this is clearly against the interests of the free flow of information, privacy, free speech, piracy, and everything else good on the internet (kidding)!