DECAF is a set of scripts built for @Microsoft products using the @PowerShell command-line shell and associated scripting language. It’s built to extract data from @Microsoft products on in-use computers and supports x86 and x86-64 instruction set architecture.
It's intended to replicate @Microsoft Computer Online Forensic Evidence Extractor (COFEE) built using @markrussinovich co-authored Windows Sysinternals utilities; as distributed to the National White Collar Crime Center and Interpol.
