COFEE consists of three major components: the GUI interface for the investigator, the command‐line application to be executed on the target machine, and the individual tools which are managed by COFEE and the command‐line application.
There are two major types of live forensics investigation tools – Live Information Acquisition tools and Remote Online Acquisition tools. Computer Online Forensic Evidence Extractor (COFEE) is a live information and volatile data forensics acquisition system.
The GUI interface was developed for managing the tool selection, generating scripts, loading programs onto a USB device, and creating a report from the collected data. The command‐line application was developed for controlling and executing a set of selected tools on the target machine.
Digital Forensics Attributes and Principles
In any digital forensics investigation, digital forensics specialists and legal advisors should ensure the balance between the three main attributes: Reconnaissance, Relevancy and Reliability of the digital evidence. In any digital forensics investigation, the investigator should always attempt to achieve the maximum amount of data acquisition while having a minimal effect on the integrity or accuracy of the data.
Download COFEE User Guide: http://cryptome.org/cofee-guide.zip
Download Working COFEE Program (Windows): http://cryptome.org/cofee.zip
Source: http://cryptome.org
COFEE User Guide