DECAF – Detect and Eliminate Computer Assisted Forensics [COFEE]
- December 14th, 2009
- Posted in Tools
Worried about Microsoft’s COFEE? Now there is DECAF, a tiny application which will monitor Windows boxes and detect the presence of COFEE. There are lots of neat little features already enabled with this version. Check out their description:
DECAF is a counter intelligence tool specifically created around the obstruction of the well known Microsoft product COFEE used by law enforcement around the world.
DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications. Upon finding the presence of COFEE, DECAF performs numerous user-defined processes; including COFEE log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings. The Lockdown mode gives the user an automated approach to locking down the machine at the first sign of unusual law enforcement activity.
DECAF is highly configurable, giving the user complete control to on-the-fly scenarios. In a moment’s notice, almost every piece of hardware can be disabled and pre-defined files can be deleted in the background. DECAF also gives the user an opportunity to simulate COFEE’s presence by sending the application into a ‘Spill the cofee’ type mode. Simulation gives the user an opportunity to test his or her configuration before going live.
Download DECAF, view more screenshots, and read more about it here:
http://decafme.org/
![DECAF app settings](http://nukeit.org/wp-content/uploads/2009/12/decaff-app-settings.png)
![DECAF Lockdown Mode](http://nukeit.org/wp-content/uploads/2009/12/decaf-lockdown-mode.png)
You should provide source code.
Yeah, I totally agree… But I didn’t write it.
Source will be provided soon; we want to clean things up a bit, as it was a hastily thrown-together program.
Be patient.
Very cool
I imagine most people are just concerned about the ‘hack tool’ label affixed by certain media outlets.
This is what everyone has been waiting for! Keep up the good work!
DECAF has now been removed, and according to the developers, they “do not feel its release would promote a positive move”.
I personally think this is totally wrong; it is Microsoft who needs to get its act right. Sure enough, DECAF can be misused, but so can half of the tools on the internet. Hell, the internet can be abused itself and nobody is shutting it down.
Interesting development, especially considering how viral this went. I’m a bit surprised but also amused at the direction they decided to go. I don’t want to discredit the amount of time and effort put forth creating DECAF, but it doesn’t seem like the kind of thing that couldn’t be relatively easily replicated by an experienced coder… or even perhaps already circulating among groups farther underground than the scope of this blog or its readers.
DECAF can’t be downloaded now. Do you have a copy of DECAF, or could you upload it to another site? Thanks.
decafme.org is back up