[Infowarrior] - DECAF released (the anti-COFEE)
Richard Forno
rforno at infowarrior.org
Mon Dec 14 13:35:39 UTC 2009
http://www.decafme.org/
Detect and Eliminate Computer Assisted Forensics (DECAF)
DECAF is a counter intelligence tool specifically created around the
obstruction of the well known Microsoft product COFEE used by law
enforcement around the world.
DECAF provides real-time monitoring for COFEE signatures on USB
devices and running applications. Upon finding the presence of COFEE,
DECAF performs numerous user-defined processes, including COFEE log
clearing, ejecting USB devices, drive-by dropper, and an extensive
list of Lockdown Mode settings. The Lockdown mode gives the user an
automated approach to locking down the machine at the first sign of
unusual law enforcement activity.
DECAF is highly configurable, giving the user complete control to
on-the-fly scenarios. In a moment's notice, almost every piece of hardware
can be disabled and pre-defined files can be deleted in the
background. DECAF also gives the user an opportunity to simulate
COFEE's presence by sending the application into a 'Spill the cofee'
type mode. Simulation gives the user an opportunity to test his or her
configuration before going live.
Future versions will have text message and email triggers so in case
the computer needs to enter into lockdown mode the user can do it
remotely. It will also have notification services where in the case of
an emergency, someone can be notified (private torrent tracker
admins). DECAF's next release is going to be available in a more
lightweight version and/or a Windows service.
http://www.decafme.org/