Difference between revisions of "COMP 3000 2011 Report: CAINE"

From Soma-notes
Jump to navigation Jump to search
Line 11: Line 11:


#'''Collection''' deals with evidence finding, recognition, collection, and some early documentation with details about the evidence.
#'''Collection''' deals with evidence finding, recognition, collection, and some early documentation with details about the evidence.
#'''Examination''' has the user to sifting through the already collected evidence with different software. The goal is to find out where the evidence came from and whether or not it is relevant. It also may reveal previously unknown information about the piece of evidence with in-depth examination.
#'''Examination''' has the scientist sifting through the already collected evidence with different software. The goal is to find out where the evidence came from and if it is significant. It also may reveal previously unknown information about the piece of evidence with in-depth examination.
#'''Analysis''' happens after Examination has deemed a piece of evidence significant enough. By piecing together information gained through the Examination stage, the scientist will decide just how relevant the evidence is to the current case.
#'''Reporting''', the final stage, is writing a simple report touching on the examination process and giving a detailed look at all the relevant information gathered through Examination and Analysis that will hopefully help the case in some way.


The design goals that CAINE strives, as said by the distro website itself:<ref name = "CAINE"/>
The design goals that CAINE strives, as said by the distro website itself:<ref name = "CAINE"/>

Revision as of 16:25, 14 October 2011

Part 1

Background

CAINE, which stands for Computer Aided INvestigative Environment, is a Linux environment whose main purpose is to provide specific investigative and reporting tools that would prove useful to a forensic scientist.<ref name = "CAINE">CAINE-Live Website</ref> This Linux environment was originally created in Italy and is currently being managed by Mr. Nanni Bassetti (Website in Italian).

Something to consider about digital forensics is the four step process model put in place by the U.S Department of Justice<ref name = "DigiForen">Digital Forensics - The Enhanced Digital Investigation Process Model</ref>


The four stages of digital forensics:<ref name = "DigiForen"/>

  1. Collection deals with evidence finding, recognition, collection, and some early documentation with details about the evidence.
  2. Examination has the scientist sifting through the already collected evidence with different software. The goal is to find out where the evidence came from and if it is significant. It also may reveal previously unknown information about the piece of evidence with in-depth examination.
  3. Analysis happens after Examination has deemed a piece of evidence significant enough. By piecing together information gained through the Examination stage, the scientist will decide just how relevant the evidence is to the current case.
  4. Reporting, the final stage, is writing a simple report touching on the examination process and giving a detailed look at all the relevant information gathered through Examination and Analysis that will hopefully help the case in some way.

The design goals that CAINE strives, as said by the distro website itself:<ref name = "CAINE"/>

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • a semi-automated compilation of the final report

Installation/Startup

Basic Operation

Usage Evaluation

Citations

<references />

References