sunhux
asked on
where to get a copy of working forensics COFEE
Where can I get a working copy of the forensics tool COFEE?
I've got a copy from Wiki leak but when trying to run the msi, it says "incorrect parameter".
Can't locate it in MS site.
I've got a copy from Wiki leak but when trying to run the msi, it says "incorrect parameter".
Can't locate it in MS site.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok that fix works; just realized it's meant to be run from a USB for collection of data but our PCs USB ports are all blocked.
In the event of a compromise, we'll likely disconnect the PCs from network so we probably won't have a chance to enable
back the USB (which we control using Digital Guardian tool).
So without USB, does COFEE still serve the purpose ?
In the event of a compromise, we'll likely disconnect the PCs from network so we probably won't have a chance to enable
back the USB (which we control using Digital Guardian tool).
So without USB, does COFEE still serve the purpose ?
Good that you have the device control in place. In any case, if you will to use COFEE, it would mean the machine need some investigation so it is better to isolate it. Whether how effective this tool is, it is always a good practice to have second opinion (or tool) to verify data especially it is to form a chain of custody. Otherwise, I see it is good as it stands to offer what it has.
ASKER
We downloaded a copy which when we ran the unzipped msi, it gave a message Incoorect Parameter and it won’t run