CAINE 3.0 Review
Kamis, 11 Oktober 2012
0
komentar
http://www.linuxbsdos.com/2012/10/09/caine-3-0-review
CAINE, acronym for Computer Aided INvestigative Environment, is a Linux distribution specially crafted for performing computer (digital) forensics. It started life as the graduate thesis of Giancarlo Giustini at the Information Engineering Department of the University of Modena e Reggio Emilia, Italy. It is now a project of Digital Forensics for Inter-department Center for Research on Security (CRIS) at the same university.
The latest edition, CAINE 3.0, code-named Quasar, was released on October 3. It is the project’s fifth release, and also marks the first release with MATE as the desktop environment. Previous editions used GNOME 2 and all have been Live CD images for 32-bit platforms. The boot menu is shown below.
CAINE is based on Ubuntu desktop and the latest release is based on Ubuntu 12.04. It, therefore, shares the same installation program with its parent distribution. Though the installer recommends 6.3 GB of disk space for a successful installation, a new installation (of CAINE 3.0) uses just about 3.7 GB of disk space.
As a Live CD, you can use CAINE 3.0 without installing it to a hard drive, but if you choose to install it to local storage, the installer installs it on a single partition, aside from a Swap partition. You can, of course, install the system on a custom set of partitions, provided you know how to create partitions in Linux, using the Advanced Partitioning Tool. If you are engaged in digital forensics, you probably know how, but if you are new to this, guide to disks and disk partitions in Linux is a good read.
If you have never used or installed Ubuntu before, this is how the user setup step during installation looks like. At this step, you may opt to encrypt your home folder. Note, however, that this folder-level encryption does not offer the same degree of physical security that you get with partition-level disk encryption, which will make its debut in Ubuntu’s desktop installer on Ubuntu 12.10, which is set for release on October 18.
As a specialized distribution, CAINE comes with software applications that you will not find on a regular desktop distribution. But unlike BackTrack, a specialized distribution for hacking, which comes with more than 98% of its installed software designed for hacking, CAINE ships with mostly regular applications, with just a small percentage of its installed applications designed for digital forensics.
So the menu of the MATE desktop looks just like that of any regular desktop distribution, with the only difference being a menu category called Forensic Tools. The default desktop with the menu in focus is shown below. In essence, you can use CAINE as a regular desktop distribution.
This shot shows the applications in the Forensic Tools menu category.
Network forensics tools.
Mobile forensics tools.
A couple of the forensics applications are bash scripts that must be run from a shell terminal, while the rest have graphical interfaces. There is, for example, AIR (Automated Image & Rescue), which is actually a graphical frontend for dd and dc3dd. dd id a file converter and copier, while dc3dd is dd enhanced with features for digital forensics – on-the-fly hashing, split output files, pattern writing, progress meter, and file verification. The main interface of AIR is shown below.
Another interesting application in CAINE 3 is Autopsy, a browser interface to the command-line tools available in The Sleuth Kit (TSK). TSK, designed for investigative analysis of disk images, is powerful stuff, and there is a version called Sleuth Kit Hadoop, which integrates TSK into a Hadoop cluster. It was initially funded by the US Army Intelligence Center of Excellence (USAICoE).
These applications may be accessed individually, or you can use a graphical application called Caine interface, which provides a single-hop interface for using the installed forensic applications. The next five screen shots show the windows of the Caine interface:
This is the main interface. Pressing Create Report prompts you for authentication.
Upon successful authentication, you then see this:
The Collection tab.
Analysis tab.
Report tab.
Aside from the Caine interface, all the other applications are already in the repository of your favorite distribution, but the Caine interface just makes the distribution a lot easier to use for what it is designed for. So like BackTrack, CAINE is one of those distributions you might want to dual-boot with your regular distribution on an external drive or install in a virtual environment, if you are interested in digital forensics.
Resources: You may download a 32-bit installation image of CAINE 3 from here (there is no 64-bit installation image). A complete list of applications, both forensics-specific and standard, installed on CAINE 3, is available here.
Screen Shots: More screen shots from a test installation of CAINE 3.0.
CAINE 3′s GRUB menu.
The default CAINE 3.0 MATE desktop
The desktop with the menu showing installed applications in the System Tools category.
Firefox is the only installed application in the Internet category.
The desktop with the menu showing installed graphics applications.
CAINE, acronym for Computer Aided INvestigative Environment, is a Linux distribution specially crafted for performing computer (digital) forensics. It started life as the graduate thesis of Giancarlo Giustini at the Information Engineering Department of the University of Modena e Reggio Emilia, Italy. It is now a project of Digital Forensics for Inter-department Center for Research on Security (CRIS) at the same university.
The latest edition, CAINE 3.0, code-named Quasar, was released on October 3. It is the project’s fifth release, and also marks the first release with MATE as the desktop environment. Previous editions used GNOME 2 and all have been Live CD images for 32-bit platforms. The boot menu is shown below.
CAINE is based on Ubuntu desktop and the latest release is based on Ubuntu 12.04. It, therefore, shares the same installation program with its parent distribution. Though the installer recommends 6.3 GB of disk space for a successful installation, a new installation (of CAINE 3.0) uses just about 3.7 GB of disk space.
As a Live CD, you can use CAINE 3.0 without installing it to a hard drive, but if you choose to install it to local storage, the installer installs it on a single partition, aside from a Swap partition. You can, of course, install the system on a custom set of partitions, provided you know how to create partitions in Linux, using the Advanced Partitioning Tool. If you are engaged in digital forensics, you probably know how, but if you are new to this, guide to disks and disk partitions in Linux is a good read.
As a specialized distribution, CAINE comes with software applications that you will not find on a regular desktop distribution. But unlike BackTrack, a specialized distribution for hacking, which comes with more than 98% of its installed software designed for hacking, CAINE ships with mostly regular applications, with just a small percentage of its installed applications designed for digital forensics.
So the menu of the MATE desktop looks just like that of any regular desktop distribution, with the only difference being a menu category called Forensic Tools. The default desktop with the menu in focus is shown below. In essence, you can use CAINE as a regular desktop distribution.
This shot shows the applications in the Forensic Tools menu category.
Network forensics tools.
Mobile forensics tools.
A couple of the forensics applications are bash scripts that must be run from a shell terminal, while the rest have graphical interfaces. There is, for example, AIR (Automated Image & Rescue), which is actually a graphical frontend for dd and dc3dd. dd id a file converter and copier, while dc3dd is dd enhanced with features for digital forensics – on-the-fly hashing, split output files, pattern writing, progress meter, and file verification. The main interface of AIR is shown below.
Another interesting application in CAINE 3 is Autopsy, a browser interface to the command-line tools available in The Sleuth Kit (TSK). TSK, designed for investigative analysis of disk images, is powerful stuff, and there is a version called Sleuth Kit Hadoop, which integrates TSK into a Hadoop cluster. It was initially funded by the US Army Intelligence Center of Excellence (USAICoE).
These applications may be accessed individually, or you can use a graphical application called Caine interface, which provides a single-hop interface for using the installed forensic applications. The next five screen shots show the windows of the Caine interface:
This is the main interface. Pressing Create Report prompts you for authentication.
Upon successful authentication, you then see this:
The Collection tab.
Analysis tab.
Aside from the Caine interface, all the other applications are already in the repository of your favorite distribution, but the Caine interface just makes the distribution a lot easier to use for what it is designed for. So like BackTrack, CAINE is one of those distributions you might want to dual-boot with your regular distribution on an external drive or install in a virtual environment, if you are interested in digital forensics.
Resources: You may download a 32-bit installation image of CAINE 3 from here (there is no 64-bit installation image). A complete list of applications, both forensics-specific and standard, installed on CAINE 3, is available here.
Screen Shots: More screen shots from a test installation of CAINE 3.0.
CAINE 3′s GRUB menu.
The default CAINE 3.0 MATE desktop
The desktop with the menu showing installed applications in the System Tools category.
Firefox is the only installed application in the Internet category.
The desktop with the menu showing installed graphics applications.
TERIMA KASIH ATAS KUNJUNGAN SAUDARA
Judul: CAINE 3.0 Review
Ditulis oleh Unknown
Rating Blog 5 dari 5
Semoga artikel ini bermanfaat bagi saudara. Jika ingin mengutip, baik itu sebagian atau keseluruhan dari isi artikel ini harap menyertakan link dofollow ke http://androidjapane.blogspot.com/2012/10/caine-30-review.html. Terima kasih sudah singgah membaca artikel ini.Ditulis oleh Unknown
Rating Blog 5 dari 5
0 komentar:
Posting Komentar