Decaf Coffee
December 15th, 2009
Most of you probably know about COFFEE (Computer Online Forensic Evidence Extractor), the tool Microsoft gives to law enforcement. I read over at the Internet Storm Center that some researchers released some proof-of-concept code called DECAF (Detect and Eliminate Computer Assisted Forensics). While it’s a cool proof-of-concept evasion tool, I’m curious to know how a few things work, such as the “on the fly power down” (does it just kill the power?).
All in all though, you can check out DECAF here, and if I get a chance to see more of how it works, I’ll update this post.

