I was looking at various Linux security websites yesterday and ran across this nice Linux security live CD called C.A.IN.E. This distro includes a great list of Linux ‘security’ tools and they also offer a .deb file to install the included packages in Debian, Ubuntu, and other Debian derivatives.
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics
Currently the project manager is Nanni Bassetti.
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
–an interoperable environment that supports the digital investigator during the four phases of the digital investigation
–a user-friendly graphical interface
–a semi-automated compilation of the final report
We recommend that you read the page on the CAINE policies carefully.
CAINE fully represents the spirit of the Open Source philosophy because the project is completely open: anyone can take over from the previous developer or project manager. The distro is open source, the Windows side (Wintaylor) is open source and, last but not least, the distro is installable, which makes it possible to rebuild it as a brand new version and so give the project a long life.
CAINE includes scripts activated within the Nautilus web browser designed to make examination of allocated files simple. Currently, the scripts can render many databases, internet histories, Windows registries, deleted files, and extract EXIF data to text files for easy examination. The Quick View tool automates this process by determining the file type and rendering with the appropriate tool.
The live preview Nautilus scripts also provide easy access to administrative functions, such as making an attached device writeable, dropping to the shell, or opening a Nautilus window with administrator privileges. The “Save as Evidence” script will write the selected file(s) to an “Evidence” folder on the desktop and create a text report about the file containing file metadata and an investigator comment, if desired.
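A sketch of what a "Save as Evidence" style Nautilus script can look like, as an added example that is not CAINE's own script. The function name `save_as_evidence`, the report layout, the SHA-256 verification step and the `$HOME/Desktop/Evidence` path are assumptions made for illustration; it relies on GNU coreutils.

```shell
#!/bin/sh
# Added illustration, not CAINE's script. Assumes GNU coreutils.

# save_as_evidence FILE EVIDENCE_DIR [COMMENT]
# Copies FILE into EVIDENCE_DIR, verifies the copy by SHA-256 and writes
# a text report beside it. Returns non-zero on any failure.
save_as_evidence() {
    src=$1; dest_dir=$2; comment=${3:-}
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    copy="$dest_dir/$(basename -- "$src")"
    # Never overwrite an item that was already collected.
    if [ -e "$copy" ]; then echo "already in evidence: $copy" >&2; return 1; fi
    # Record timestamps first: hashing reads the file and may update atime.
    meta=$(stat -c 'Size: %s bytes
Mode: %A  Owner: %U:%G
Modified: %y
Accessed: %x
Changed: %z' -- "$src") || return 1
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    cp -p -- "$src" "$copy" || return 1
    copy_hash=$(sha256sum < "$copy" | cut -d' ' -f1)
    if [ "$src_hash" != "$copy_hash" ]; then
        echo "hash mismatch: $copy" >&2; return 1
    fi
    chmod a-w "$copy"    # guard the copy against accidental edits
    {
        echo "Source: $src"
        echo "Collected (UTC): $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "SHA-256: $src_hash"
        echo "$meta"
        echo "Investigator comment: $comment"
    } > "$copy.report.txt"
}

# Nautilus passes the selection to a script as newline-delimited paths in
# NAUTILUS_SCRIPT_SELECTED_FILE_PATHS. The Desktop path is an assumption.
if [ -n "${NAUTILUS_SCRIPT_SELECTED_FILE_PATHS:-}" ]; then
    printf '%s\n' "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" | while IFS= read -r f; do
        if [ -n "$f" ]; then save_as_evidence "$f" "$HOME/Desktop/Evidence"; fi
    done
fi
```

Recording the hash in the report lets a later examiner confirm that the collected copy still matches what was on the device at collection time.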
A unique script, “Identify iPod Owner”, is included in the toolset. This script will detect an attached and mounted iPod device and display metadata about the device (current username, device serial number, etc.). The investigator has the option to search allocated media files and unallocated space for iTunes user information present in media purchased through the Apple iTunes store, i.e., Real Name and email address.
The live preview scripts are a work in progress. Many more scripts are possible as are improvements to the existing scripts. The CAINE developers welcome feature requests, bug reports, and critiques.
The preview scripts were born of a desire to make evidence extraction simple for any investigator with basic computer skills. They allow the investigator to get basic evidence to support the investigation without needing advanced computer forensics training or waiting on a computer forensics lab. Computer forensics labs can use the scripts for device triage and the remainder of the CAINE toolset for a full forensic examination.
I had problems running the distro on VirtualBox, but while searching I found that there is also a VirtualBox image for the distro available: http://virtualboximages.com/Caine-0.5