So when will some honest cop place this tool set on the web so that it can be examined by people who can actually test & vet it properly?

That will happen some where around half past never. However if the cops have a break in their schedule they may think about doing that sometime between 27 and 30:15 in the AP on Monday Mayuary 45th 2550.

Use Truecrypt.

... Microsoft announced its corresponding client-server application, Technical Evidence Analyser (TEA) which runs atop the desktop environment, Single-User Graphical Analysis Runtime (SUGAR).

How about Linux? FreeBSD? Solaris?

Or, more accurately EXT3 (4), JFS, XFS, or any of the more esoteric file systems?

"Running Linux sir? Must have something to hide!"

...and if you have your TrueCrypt protected harddrive mounted when the eh... bad guys barge in? Will they be able to open your locked windows, make a memory dump simply by inserting a USB device? How secure are you really?

..I would think so yes. After all, the first tool they would use is to mirror the drive....then give it a good whack with a baton.

Not all MS products only work with MS, you know maybe Windows may be able to connect to Novell one day, or Unix, maybe even a printer or two....who knows....

I guess it's pointless me using Bitlocker any more. With Vista 64 on a Core i7 with 8 GB Ram and fast RAID 0 disks performance was excellent. Other products might be "compatible" with 64 vbit vista but not native 64 bit. I had no choice on the 64 bit Vista, it's all Dell ship/support with Core i7 systems.

I'm sure some office somewhere in the world is going to lose his USB key with all this neat software on it. Unless there is access control within the toolset, it'll be on the web before the end of the year !

Let's face it, their systems are plagued by security holes.

I'd be more surprised if they *weren't* relying on secret backdoors built into windows. Considering that it *only* works on Windows, all the evidence points that way.

Seriousness aside though.

Microsoft Security & Security Forces : which are the most incompetent?

Microsoft allow hackers to steal your sensitive data. The security forces merely leave theirs lying around on trains. I'm not surprised they've teamed up.

Now perhaps the security forces can leave *your* sensitive data lying around on trains!

Depends what you mean by 'works'. If you mean 'secretly injecting and subsequently discovering incriminating evidence of a number of crimes including proving the owner to be both Lord Lucan and Jack the Ripper onto any non-Windows machine', then yes, it works...

Steve.

Obviously only suitable for use by a single detective at a time because there's only one F in Cofee.

Yes, but a USB stick is easier to insert where it belongs.

I would not trust any forensic tool unless it has been subjected to formal, published analysis, and neither should a court. For all you know it allows INSERTION of "evidence", or will compromise information integrity rendering it useless.

Call it "president Bush lost email" mode, that gives you an idea.

Fascinating detail: in almost 2 decades of operation, Microsoft has not managed to inspire trust in what it supplies ONCE. So, my apologies, but I can't trust such tools either so I look forward to the first cases brought with evidence so generated. It may be laughed out of court.

A copy will find itself on the net soon enough , then in a few days , all their tricks

will be known and soft spots it exploits , and within 5 days all that soft will be useless.

Cheer up .. we're about to have a good time with that toy kit. ; )

Ric

On the web???!!!!!!

Based on Plods Previous Performance the toolkit should be available quite soon, on a USB stick, on public transport

There have been backdoors in Windows for years.

See:

http://www.heise.de/tp/r4/artikel/5/5263/1.html

http://news.bbc.co.uk/1/hi/sci/tech/437967.stm

http://www.schneier.com/blog/archives/2007/01/nsa_helps_micro_1.html

Thanks for nearly making me wet myself.

See I totally forgot about the train angle, thanks for reminding me. In which case you're right it should show up soonish ™.

@AC 15:10. You're welcome, I'm here to help :-).

It's just a collection of already-available tools, packaged into a useful format. It's no more exciting or sinister than the Windows side of the Helix CD.

Sorry to intrude on your paranoid fantasies.