I wrote on April 29 about Microsoft’s “Computer Online Forensic Evidence Extractor”, though I didn’t know at that time what it was called. Microsoft has since realized that they messed up big time by not initiating a public discussion about what it did and how it worked, and by not letting the public know about it directly.
Microsoft’s explanation is that it’s a USB drive with a bunch of scripts that can back up a running computer to the USB drive. The drive would have to be pretty large, and considering how slow USB 2.0 is, the cop operating it would have to be pretty patient. And, last but not least, USB would need to be enabled in the BIOS…
There is an article covering this here.
I don’t think that either Microsoft or the law enforcement community realizes the implications, even yet. If I were using my computer for something that I did not want the law to be able to access, I’d switch to Linux or OSX immediately, as the utilities that Microsoft provides aren’t going to work on any other operating system. Since I’m not trying to hide anything, I don’t have to worry.
Of course another implication from the cop’s point of view is that if you are running something other than a Microsoft operating system, you probably have something to hide. Oops. Guess what? We run OSX and Linux in this household!