Difference between revisions of "COMP 3000 2011 Report: CAINE"

From Soma-notes

Revision as of 12:35, 17 October 2011

Part 1

Background

CAINE, which stands for Computer Aided INvestigative Environment, is a Linux environment whose main purpose is to provide specific investigative and reporting tools that would prove useful to a forensic scientist.<ref name = "CAINE">CAINE-Live Website</ref> This Linux environment was originally created in Italy and is currently being managed by Mr. Nanni Bassetti (Website in Italian).


Before diving into what CAINE is used for, it helps to have a quick understanding of the four-step process model put in place by the U.S. Department of Justice for digital forensics.<ref name = "DigiForen">Digital Forensics - The Enhanced Digital Investigation Process Model</ref>


The four stages of digital forensics:<ref name = "DigiForen"/>

  1. Collection deals with evidence finding, recognition, collection, and some early documentation with details about the evidence.
  2. Examination has the scientist sifting through the already collected evidence with different software. The goal is to find out where the evidence came from and if it is significant. It also may reveal previously unknown information about the piece of evidence with in-depth examination.
  3. Analysis happens after Examination has deemed a piece of evidence significant enough. By piecing together information gained through the Examination stage, the scientist will decide just how relevant the evidence is to the current case.
  4. Reporting, the final stage, is writing a simple report touching on the examination process and giving a detailed look at all the relevant information gathered through Examination and Analysis that will hopefully help the case in some way.


The design goals that CAINE strives to achieve are as follows:<ref name = "CAINE"/>

  • A diverse environment that gives the forensic scientist the flexibility and all the tools necessary during all four stages of digital forensics.
  • A user-friendly GUI.
  • A tool that provides a simple, semi-automatic solution for reporting.


Obtaining CAINE is quite simple. The main website directly hosts the .ISO file, which is under 700MB. The direct download link to CAINE can be found here. There is also an 865MB file available for netbooks. It can be found here.

Finally, CAINE was built from pieces of Ubuntu 10.04 and Remastersys, created by Tony Brijeski.<ref name = "CAINEFAQ">CAINE FAQs</ref>

Installation/Startup

The software that was used to virtualize CAINE was VMWare Workstation, specifically version 7.1.4 build-385536. [Figure 1]

Figure 1 The initial setup screen for VMWare

The specifications of the virtual machine are as follows:

  • Typical install (Creates a Workstation 6.5-7.x virtual machine)
  • Selected the Caine 2.5 .ISO file.
  • Selected a Linux operating system with type "Other Linux 2.6.x kernel".
  • Allocated 20GB for the virtual machine and 512MB of RAM.

CAINE booted up with no initial problems and presented a boot screen full of options (Figure 2).

Figure 2 Initial boot screen.

The options include:

  • Booting the Live System.
  • Low-graphics mode for lower-end machines.
  • Command to start the full install right away.
  • Text-only mode.
  • Video diagnostics command.
  • Debug mode.
  • Memory diagnostics command.
  • Boot from the first hard disk (which is chosen if no action is taken within 10 seconds).

Basic Operation

Usage Evaluation

Citations

<references />

References