I hardly lifted an eyebrow last month when Crunchgear discovered that Microsofts uber-secret forensic tool COFEE (note the singular "F") was leaked on the P2P sites. Primarily because, from my experience, these situations have been largely over-hyped. This circus has proved no different...
I finally got around to looking closer at this software today and am, once again, shaking my head at the amount of mis-information involved. The application itself appears to be nothing more than a wrapper for many tools which are commonly installed on windows by DEFAULT. Gizmodo gets the "FUD-of-the-week" award for the explanation of arp.exe, nbtstat.exe and net.exe as "super-illegal for the average Joe to use" -- GIVE ME A BREAK!
Bottom line: I was hoping MSFT let loose something exciting with this slip. Sadly though, it looks like the investigators are being left just as far in the dark as they always have. While providing a quick-and-easy method to generate report data, the tool doesn't go much farther beyond what a person could already do on their own with some fancy batch scripting.
Posts
0 comments:
Post a Comment