In the middle of 2007, Microsoft developed a suite of applications called COFEE that allows police officers at crime scenes to extract forensic-quality digital evidence from computers with the aid of a USB stick.
That software leaked to the Web earlier in the year, to the delight of the hacker community, who immediately set about producing a suite of apps that anyone can run on their PC to protect themselves from Microsoft's evidence-collection tools. It's called DECAF, and has just been released on the Web.
We haven't used or analysed it to test whether it does what it says, so it's entirely at your own risk, but it's claimed that it contains a bunch of safeguards activated on the detection of files or processes that are associated with COFEE. It can disable USB drives, wipe temporary files and spoof MAC addresses, among other things.
While Microsoft hasn't had any luck with its lawyers' attempts to get COFEE removed from public availability, this will further put the boot in to the usefulness of the software as an evidence recovery tool.