I've played around with the leaked COFEE a bit, and, well, it's not much to get excited about. It just automatically runs a large set of windows informational utilities (all of which are publicly available) and then generates a pretty report with the results from all of them.
That said, COFEE is extensible - you can easily add tasks that it should perform (and record the results of) on each machine, so a computer forensicist could easily add utilities to dump passwords or copy over certain files, and indeed, the manual's recommendation that 2GB of storage be available on the device it will log to suggests that they intend for COFEE to record more than the leaked version does (it only records about 600kb of info). Other things, like the presence of a reporting category called "Passwords", strongly suggest that MS intended (and perhaps implemented) functionality that is not included in the leaked version.
That said, the included validation documents from the National White Collar Crime Center only discuss the utilities included in the leak. Of course, those documents could have been modified, or there could be additional validation documents covering additional utilities not included in the torrent.
Techdirt has not posted any stories submitted by jcrawford.
Not so impressive
I've played around with the leaked COFEE a bit, and, well, it's not much to get excited about. It just automatically runs a large set of windows informational utilities (all of which are publicly available) and then generates a pretty report with the results from all of them.
That said, COFEE is extensible - you can easily add tasks that it should perform (and record the results of) on each machine, so a computer forensicist could easily add utilities to dump passwords or copy over certain files, and indeed, the manual's recommendation that 2GB of storage be available on the device it will log to suggests that they intend for COFEE to record more than the leaked version does (it only records about 600kb of info). Other things, like the presence of a reporting category called "Passwords", strongly suggest that MS intended (and perhaps implemented) functionality that is not included in the leaked version.
That said, the included validation documents from the National White Collar Crime Center only discuss the utilities included in the leak. Of course, those documents could have been modified, or there could be additional validation documents covering additional utilities not included in the torrent.