Anti-forensics tool-DECAF

Anti-Forensics software DECAF (full name: detectandeliminatecomputerpolicedforensics, detection and removal of computer court scientific evidence extraction device ). The DECAF program is only kb. It can delete temporary files of coprocessor, kill the process, erase all logs of coprocessor, and disable USB. In order to make coprocessor unable to trace and even create a variety

Anti-Forensics software DECAF (full name: Detect and Eliminate Computer AssistEdForensics, used to detect and clear computer court scientific evidence extractors ). The DECAF program is only 181KB. It can delete temporary files of coprocessor, kill the process, erase all logs of coprocessor, disable USB, to make codecome unable to trace it, it can even create a variety of fraudulent MAC addresses. It should be noted that DECAF does not provide source code, so we do not know what it actually does to the computer. DECAF developers claim that future versions will allow computer users to remotely shut down their computers by email or short messages, if detecting that the computer falls into the hands of law enforcement agencies. In case of emergency, it can also send a warning to its companion.
From decafme.org:



DECAF is a counter intelligeNcE tool specifically created around the obsTrUction of the well known Microsoft proDuCt COFEE uSedBy law enforcement around the world.



DECAF provIdEs real-TimeMonitoring for codecomsignatures on USB devices and running appliCatIons.FindIng the presence of coprocessor, DECAF perfoRmS numerous user-defined processes; including co1_logClearIng,EjectIng USB devices, drive-by dropper, andExTensive list of Lockdown ModeSetUsers. The Lockdown mode gives the user an automatic ed approach to locking down the machine at the first sign of unuSuAl law enforcement activity.



DECAF is highly writable able giving the user complete control to on-the-fly scenarios. In a moments notice, almost every piece of hardware can be disabled and pre-definedFileS can be deleted in the background. DECAFLsO gives the user an opportunity to simulate coprocessor's presence by sending the application into a 'spill the codecom' type mode. simulation gives the user an opportunity to test his or her configuration before going live.



Future versions will have text message and email triggers so in case the computer needs to enter into lockdown mode the user can do it remotely. it will also have notification services where in the case of an emergency, someone can be notified (private torrent tracker admins ). DECAF's next release is going to be available inMoreLight-weight version and/or a windows service.

Official: http://www.decafme.org/

Download:

Http://thepiratebay.org/torrent/5238072/DECAF-SOLDIERX.rar or

Http://www.multiupload.com/88TEOEYCSZ