Computer Online Forensic Evidence Extractor now offered by torrent websites

Nov 13, 2009 11:41 GMT

Microsoft has officially confirmed that a tool it provides to forensics investigators has been leaked in the wild. Labeled Computer Online Forensic Evidence Extractor (COFEE), the solution is essentially a USB drive that bundles together several PC forensics utilities designed for law enforcement organizations. Ahead of the leak, Microsoft was offering COFEE in the United States through its distributor, the National White Collar Crime Center (NW3C), and worldwide through the International Criminal Police Organization (Interpol) in no fewer than 187 markets. Now COFEE is available for download on BitTorrent trackers and warez websites.

“We have confirmed that unauthorized and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorized channels – both because any unauthorized technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed,” noted Richard Boscovich, senior attorney, Internet Safety at Microsoft.

However, despite the tool being available in the wild, the software giant underlined that it was in no way worried that cybercriminals would take advantage of the leak and put mitigations in place to render the tool useless. Microsoft noted that the security tools built into COFEE were already widely available, and that the solution was only meant to streamline their usage. Specifically, investigators can be trained within minutes to use COFEE to extract precious information from a computer still running at the scene of a crime – data which can be lost in the event of a shutdown or restart.

“COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals, its value is in the way COFEE brings those tools together in a simple and customizable format for law enforcement use in the field,” Boscovich revealed.