Computer Online Forensic Evidence Extractor (COFEE) Tool

        Computer Online Forensic Evidence Extractor (COFEE) is a tool kit, developed by Microsoft, to help computer forensic investigators extract evidence from a Windows computer. Installed on a USB flash drive or other external disk drive, it acts as an automated forensic tool during a live analysis.

      

             How to use ?

      The device is activated by being plugged into a USB port. It contains 150 tools and a graphical user interface to help investigators collect data.The software is reported to be made up of three sections. First COFEE is configured in advance with an investigator selecting the data they wish to export, this is then saved to a USB device for plugging into the target computer. A further interface generates reports from the collected data.

      COFEE includes tools for password decryption, Internet history recovery and other data extraction. It also recovers data stored in volatile memory which could be lost if the computer were shut down.

z    Check the below screenshots :

      

      

      The Folder is created in the pendrive , which contains the evidence report of the victim PC