A counter-intelligence tool, 'DECAF', has been released to defeat the use of Microsoft's COFEE suite, which is intended for computer forensic investigations. DECAF has the following features (from their website):
- Contaminate MAC Addresses: Spoof MAC addresses of network adapters
- Kill Processes: Quick shutdown of running processes
- Shutdown Computer: On the fly machine power down
- Disable network adapters
- Disable USB ports
- Disable Floppy drive
- Disable CD-ROM
- Disable Serial/Printer Ports
- Erase Data: Quick file/folder removal (Basic Windows delete)
- Clear Event Viewer: Remove logs from the Event Viewer
- Remove Torrent Clients: Removes Azureus and BitTorrent clients
- Clear Cache: Remove cookies, cache, and history
It reminds me a bit of Netbus from all those years ago. It makes the job more difficult, but I admit it is clever at the same time.
Update: Apparently DECAF was only a media stunt to increase security awareness and to attract attention to the need for better forensics tools.
