In addition to using FTK, the DOJ also used Microsoft's tool, called Computer Online Forensics Extraction Tool (Cofee). Cofee is a tool that helps forensic investigators analyze a computer without the need to physically connect a device to the computer. It is designed to speed the analysis of a computer by automatically running a specific set of tools, including FTK, to collect forensic data. Cofee also supports the generation and analysis of a digital video stream, which can be sent to a remote system.
In March 2012, FireEye released a detection-based tool, called Forensic Toolkit (FTK), for analyzing Windows-based computers. FTK is an automated forensic analysis tool that instantly scans computers for known suspect malware, such as Win32/Nitol, Win32/IronPort, Win32/Corporation, or Win32/Tianan & Crane. By combining detection-based analysis with automated investigation, FTK helps forensic investigators quickly and efficiently identify, analyze, and move evidence off of a computer.
The announcement of the DOJ's use of FTK and Cofee came as a surprise because the tools are designed specifically for forensics. Microsoft does not allow the tools to be used for any other purpose, including use in a criminal investigation. FTK and Cofee have also not been disclosed or discussed in the public domain.
In September 2012, Microsoft announced support for the FTK tool. The announcement came in the wake of news that the United States Department of Justice was using the tool in a criminal prosecution against a group of hackers, who were charged with participating in a conspiracy to access and alter computer networks. The DOJ released an official statement on its use of FTK to help investigators identify and analyze those involved in a botnet, a computer network made of millions of compromised computers. Investigators were able to quickly find documents, emails, and other data stored on the computers belonging to the defendants. Using FTK, forensic investigators were also able to quickly identify and remove large amounts of suspect malware from the compromised computers.
By using FTK and other less sophisticated tools, law enforcement is able to quickly identify and remove large amounts of suspect malware from a computer, such as malware that typically accompanies attacks.
On the legal side, Redline, along with other tools such as ENIGMA, helps facilitate investigations and prepare for litigation. These automated processes, such as the recently announced unencrypted hard drive data extraction algorithm, help a court or a company look at evidence in a more organized and streamlined fashion.
The MATLAB environment is based on the MathWorks MATLAB® Compiler, or MMC, which is a proprietary language developed by MathWorks to facilitate the building of applications. MMC understands the MATLAB language and various task APIs and provides efficient intermediate language compilers for compiling functions and scripts.