DECAF
From Wikipedia
Detect and Eliminate Computer Assisted Forensics (DECAF) is a counter intelligence tool specifically created around the obstruction of the well known Microsoft product COFEE used by law enforcement around the world.[1] The tool does not however prevent access by other more advanced computer forensics tools and computers protected with DECAF can still be examined by non-COFEE tools.[2] On December 18, 2009, the authors remotely disabled the software, with the aim of convincing security professionals to "band together" to offer better support to government entities.[3] The tool was patched and re-enabled by a group called SOLDIERX on December 23, 2009.[4]
DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications.[5] Upon finding the presence of COFEE, DECAF performs numerous user-defined processes; including COFEE log clearing, ejecting USB devices, and contamination or spoofing of MAC addresses.[6]
References
- ↑ Zetter, Kim (14 December 2009). "Hackers Brew Self-Destruct Code to Counter Police Forensics". Wired.com. http://www.wired.com/threatlevel/2009/12/decaf-cofee/. Retrieved 15 December 2009.
- ↑ "Reactivating DECAF in Two Minutes". Preorian Prefect. 18 December 2009. http://praetorianprefect.com/archives/2009/12/reactivating-decaf-in-two-minutes/. Retrieved 19 December 2009.
- ↑ "Game Over". decafme.org. 18 December 2009. http://decafme.org/. Retrieved 18 December 2009.
- ↑ "DECAF hacked and re-enabled by SX". SOLDIERX. 23 December 2009. http://www.soldierx.com/news/DECAF-hacked-and-re-enabled-SX. Retrieved 23 December 2009.
- ↑ "DECAF Detect and Eliminate Computer Assisted Forensics". DECAF. http://www.decafme.org/. Retrieved 2009-12-13.
- ↑ Goodin, Dan (14 December 2009). "Hackers declare war on international forensics tool". The Register. http://www.theregister.co.uk/2009/12/14/microsoft_cofee_vs_decaf/. Retrieved 15 December 2009.
External Links
This article related to a type of software is a stub. You can help Wikipedia by expanding it. |