You definitely have heard of COFEE (Computer Online Forensic Evidence Extractor) which we make freely available to Law Enforcement through Interpol and NW3C. Now, the probably unavoidable happened and the tool leaked to the Internet. There was actually an interesting statement by ArsTechnica yesterday: Chances are you won't have any use for the tool, but pirates get a thrill from having something they shouldn't, and a forensics tool only distributed to police departments around the world is pretty high up on the list of things you shouldn't have on your computer.
To make our point clear, let me quote Richard Boscovich, senior attorney, Internet Safety at Microsoft Corporation:
We have confirmed that unauthorized and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorized channels – both because any unauthorized technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed.
Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals, its value is in the way COFEE brings those tools together in a simple and customizable format for law enforcement use in the field.
In cooperation with our partners, we will continue to work to mitigate unauthorized distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorized versions of the tool. As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL at firstname.lastname@example.org.
So, to be clear: It is not “only” illegal but it is modified as well. Do you really want to install that?
The version floating around doesn't show characterisitcs of having modification. This is not much of an issue, COFEE is basically a collection of sysinternals tools and OS utilities. Full analysis:
If it essentially is a collection of digital forensic tools already commonly used around the world. Then why would it be illegal to study this set? And why is it only available for law enforcement? Why not provide security professionals with this tool as well?