Microsoft makes digital forensics tool available to U.S. law enforcement agencies

Microsoft announced an agreement with the National White Collar Crime Center (NW3C) to distribute the Computer Online Forensic Evidence Extractor (COFEE). The NW3C is a nonprofit membership organization dedicated to supporting law enforcement agencies in the prevention, investigation and prosecution of economic and high-tech crime.

This agreement will make COFEE available to law enforcement agencies at no charge so they can better combat the growing and increasingly complex ways that criminals use the Internet to commit crimes.

A Microsoft-developed program, COFEE uses digital forensic technologies to help investigators gather evidence of live computer activity at the scene of a crime, regardless of their technical expertise.

A common challenge of cybercrime investigations is the need to conduct forensic analysis on a computer before it is powered down and restarted. Live evidence, such as some active system processes and network data, is volatile and may be lost while a computer is turning off. This evidence may contain information that could assist in the investigation and prosecution of a crime.

With COFEE, a front-line officer doesn’t have to be a computer expert to capture this volatile information before turning off the computer on the scene for later analysis. An officer with minimal computer experience can be tutored to use a pre-configured COFEE device in less than 10 minutes. This enables him or her to take advantage of common digital forensics tools the experts use to gather important volatile evidence while doing little more than simply inserting a USB device into the computer.

Law enforcement agencies can get COFEE from NW3C or by contacting INTERPOL at

Don't miss