Comments on: Want Some COFEE? Microsoft Computer Online Forensic Evidence Extractor

By: Morgan Storey

Morgan Storey — Sat, 16 Aug 2008 09:40:50 +0000

Hmm helix looks good akin to Knoppix STD (There was a good distro, shame it hasn’t been updated much), I’ll have to give it a go. I remember I posted on this ages ago with my Changlinn moniker, I changed to my real name as there is no point, I am the only one that uses Changlinn so it is easy enough to trace back to me.
I saw some of these windows tools, they are horribly crippled compared to their OSS counterparts. Netmon, pahlease give me wireshark and libpcap capable routers anyday.

By: lyz

lyz — Wed, 13 Aug 2008 11:32:40 +0000

Helix.. Yah. I heard about that great tool too. Added tools you can use in forensics, the FTK imager, Mediawiper, and Firefly write blocker.

By: Howard

Howard — Wed, 21 May 2008 04:23:53 +0000

Mr davenix……..Please explain

By: davenix

davenix — Tue, 20 May 2008 23:48:33 +0000

I am guessing 3/4 of you are total fanboy, script kiddy douchenozzles…and the other 1/4 are IT managers who know nothing.

By: Howard

Howard — Sat, 17 May 2008 20:45:30 +0000

Let me ask the silly question….Would this be a good tool for the beginner because reading all of the comment it might have goods and bads….How did you learn,I fell on my but sometimes before succeding and I think most of us have.I am not an expert but a newbie that is still filtering and is loking for good training and if the case be falling software.I am reluctant to say good or bad but is it something we can learn from so we dont make up tools that are not the best in the land.

You know if I continue to listen to all here I will learn faster than any program,no one holds back excellant setup Darknet thanks

By: Robert Allen

Robert Allen — Thu, 15 May 2008 19:24:42 +0000

Don’t forget about Helix… http://www.e-fense.com/helix.

By: Pantagruel

Pantagruel — Wed, 14 May 2008 18:30:58 +0000

@ Roger Halbheer

Thanks for the added info, but I guess we are really more interrested in what you put on the stick.

By: Roger Halbheer

Roger Halbheer — Wed, 14 May 2008 14:07:01 +0000

Sorry, that I did not come back earlier. I had some days off and was on the road. You said that you want more info on my blog. I am not sure whether I cover all your needs (no, there is no list with all the commands) but there you go: http://blogs.technet.com/rhalbheer/archive/2008/05/14/support-for-law-enforcement-and-cofee.aspx
Roger

By: Mik3NL

Mik3NL — Tue, 13 May 2008 14:39:50 +0000

Does the term “U3 Switchblade” ring a bell to anyone here?

Needed:
———
* U3 USB key
* Universal Costumizer (for modding the U3 bootdisk)
* VNC/keyloggers/PWDump/nirsoft.net etc! (You get the picture!)
* some batch scripting power
* Windows machines with autorun enabled!
* Imagination!

No need for RT’s or anything..

By: eM3rC

eM3rC — Tue, 13 May 2008 04:22:42 +0000

Just thought I’d recommend a good program for those of you on a computer that you can log into and can run .msi/.exe programs.

Its called SIW.

This program will basically tell you about every aspect of the computer including saved password, registry keys used for all the software, WEP/WPA keys, hardware, etc etc. You get where I’m going with this.