CAINE 0.5 The Digital Forensics Distro
If you read my post about Linux in the digital forensics field, you'll find that I mentioned CAINE. CAINE is not CAIN and ABEL, the most favored password cracking application; CAINE is the Computer Aided INvestigation Environment, one of many distros specialized for computer forensics and autopsy. There are actually many such distros besides CAINE, but of those I have tried, only this one provides an intuitive interface that gathers all the digital forensics tools together. It might not be the strongest, most complete, or most powerful distro for this field, but in my opinion CAINE is well suited and easy enough for average users who have to work in this field, like those in the cybercrime unit in Indonesia.
This version of CAINE is built on Ubuntu 8.04; you can download this magnificent distro on this site. A week ago I downloaded it too and tested it on my laptop, both as a Live CD and with VirtualBox. Both work well, and what they claim here works as described. Now let's talk about what this distro can provide to cybercrime law officers or professionals in this field. The list is divided into categories:
Tools on LiveCD
Autopsy 2.20, foremost, Fundl, gtkhash, Guymager, LRRP, ophcrack, photorec, scalpel, SFDumper, stegdetect, testdisk, TheSleuthKit 3.0, afflib, cryptcat, libewf, md5sum, sha256sum, sha512sum, Abiword 2.6.4, Firefox 3.0.5, Dvdisaster, GCalcTool, Geany, gparted, gtk-recordmydesktop, liveusb, ntfs-3g, VLC, Wicd
Tools on WinTaylor
ActiveXHelper, IECookiesView, IEHistoryView, IEPassView, IPNetInfo, MessenPass, OpenedFilesView, PC Time, ProduKey, RegScanner, Recover Files, ShellExView, USB History Dump, FTKImager, Windows Forensic Toolchest, Nigilant32
RAM Dumping
MDD, Win32dd, Winen
Network Tools
Fport, TCPView, Advanced LAN Scanner
System with GUI
AccessEnum, Autoruns, DiskView, Filemon, procexp, Regmon, RootkitRevealer, Winobj
System with Terminal
autorunsc, efsdump, handle, Listdlls, logonsessions, ntfsinfo, psexec, psfile, psgetsid, Psinfo, pskill, pslist, psloggedon, psloglist, pspasswd, psservice, psshutdown, pssuspend, streams, strings
Hmm... such a big list just from one CD, right? That's why many sites about forensics never recommend this kind of distro for beginners, because it could easily break your system. For geeks this list might be ordinary, but for intermediate and beginner users it would be a nightmare. Luckily, CAINE is good enough that it provides us with many GUI tools that make our work easier.
In fact, CAINE has a unified interface to all the applications needed, so everything from collecting data to reporting can be accessed from one interface. CAINE is capable of doing forensics in post-mortem conditions or on a live system; working on a live system requires more skill and experience from the investigator.
Now for the most important step in this post: a test drive of CAINE. First of all, download the CAINE 0.5 ISO, then burn it with K3B, GnomeBaker, or any other tool you choose.
After you finish burning it, you're ready to use it. At this point you can install it permanently on your laptop or use it as a Live CD; both require booting the Live CD on your machine.
Wait a while for CAINE to be ready for use. If you then want to install it to your PC, just click the Install icon on the desktop. CAINE uses Xfce as its desktop environment, so it works just fine even on a rather old PC. The images below are several screenshots of CAINE on my laptop using VirtualBox.
Installing CAINE takes only 7 steps and nothing is difficult; just click the Next button until it finishes. When you want to learn every function of this distro, just open Firefox and it will show the CAINE how-to. It's quite simple, isn't it?
In my next post we will discuss how to implement Linux in regular digital forensics jobs.