Hackers Slay Microsoft’s Forensics Toolkit

OK, this is kind of good news for all of us. The well-known Microsoft-packaged forensic toolkit that law enforcement uses (not mostly, though) is now attackable.



The tool is used by law enforcement agencies to keep track of a hacker's computer. But the twist here is that a hacker, or possibly a group of hackers, worked hard on this tool to crack it.


They succeeded with a crack they built, named DECAF. What stands out in this whole matter is how the government uses such a piece of crap that was cracked.


They should have made their own tool for forensic use rather than relying on software that combines a suite of 150 bundled scripts piled into one single script.


The tools scan files and gather information about activities performed on the machine, such as where the user surfed on the internet or what files were downloaded…


Someone submitted the COFEE suite to the whistleblower site Cryptome last month, prompting Microsoft lawyers to issue a take-down notice to the site. The tool was also being distributed through the BitTorrent file-sharing network.



What DECAF actually does to COFEE is this: first, it deletes temporary files or processes associated with COFEE; second, it erases all COFEE logs; third, it disables USB drives and contaminates or spoofs a variety of MAC addresses to disrupt forensic tracks.


On this, the unknown hackers added by email:

“We’re just two developers who support the free flow of information and privacy”

“You could say we’re just average joes.”


OK, we have got a screenshot of COFEE too for you guys. Enjoy!




UPDATE: Your copy of DECAF no longer works. Hackers have disabled it.