where to get a copy of working forensics COFEE

Where can I get a working copy of the forensics tool COFEE?

I've got a copy from WikiLeaks, but when trying to run the msi, it says "incorrect parameter".
Can't locate it in MS site.
sunhux Asked:

btan (Exec Consultant) Commented:
It is for law enforcement use and not for the general public. You need to request the latest copy.
In cooperation with our partners, we will continue to work to mitigate unauthorized distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorized versions of the tool.  As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL at cofee@interpol.int.
https://blogs.technet.microsoft.com/rhalbheer/2009/11/10/cofee-freely-downloadable-on-the-internet/
1
sunhux (Author) Commented:
Any suggestions on what justifications to give when requesting it? We want it for in-house banking forensics purposes, and we thought that by using it to collect forensics data, we can just pass the data to MS, with whom we have a support contract, for investigations when the need arises.

We downloaded a copy which, when we ran the unzipped msi, gave the message "Incorrect Parameter" and it won't run.
0
btan (Exec Consultant) Commented:
You can try your luck, but you are unlikely to get it since you are not LE. But since it is still in the public interest, you may consider basing the justification on helping to reduce cybercrime and eFraud/scams. I believe that they wanted to have a restricted circulation list of recipients.
On the error, it is likely a software issue, meaning a newer version is needed. Take a look at the past correspondence, though; it stated some means as a workaround. Not sure if that still stands, as it is a rather old version.
https://wikileaks.org/wiki/Talk:Microsoft_COFEE_(Computer_Online_Forensics_Evidence_Extractor)_tool_and_documentation,_Sep_2009
1

sunhux (Author) Commented:
OK, that fix works; just realized it's meant to be run from a USB for collection of data, but our PCs' USB ports are all blocked.
In the event of a compromise, we'll likely disconnect the PCs from the network, so we probably won't have a chance to re-enable the USB (which we control using the Digital Guardian tool).

So without USB, does COFEE still serve the purpose?
0
btan (Exec Consultant) Commented:
Good that you have the device control in place. In any case, if you were to use COFEE, it would mean the machine needs some investigation, so it is better to isolate it. However effective this tool is, it is always good practice to have a second opinion (or tool) to verify data, especially if it is to form a chain of custody. Otherwise, I see it as good as it stands to offer what it has.
0
Question has a verified solution.
