Anti-COFEE tool DECAF revealed as spoof
Two developers said they created a tool, called DECAF, that compromises Microsoft's COFEE computer-forensics tool by killing its processes, disabling a computer's connection ports and even conjuring up fake MAC addresses. It's fake.
After numerous media outlets reported this week that there were delinquent hackers trying to thwart COFEE-assisted cyber-crime investigations, the DECAF developers on Friday revealed their creation as a publicity stunt. They said the COFEE tool Microsoft gives to police is luke-warm.
"We hope that as you realize this was a stunt to raise awareness for security and the need for better forensic tools that you would reconsider cutting corners on corporate security," the DECAF Web site now states. "Also, governments should not rely on a tool to automate the process of forensics but rather invest in the education of investigators and forensic tool experts."