CAINE 3.0 review

A couple of the forensics applications are bash scripts that must be run from a shell terminal, while the rest have graphical interfaces. There is, for example, AIR (Automated Image & Rescue), which is actually a graphical frontend for dd and dc3dd. dd id a file converter and copier, while dc3dd is dd enhanced with features for digital forensics – on-the-fly hashing, split output files, pattern writing, progress meter, and file verification. The main interface of AIR is shown below.
Caine AIR

Another interesting application in CAINE 3 is Autopsy, a browser interface to the command-line tools available in The Sleuth Kit (TSK). TSK, designed for investigative analysis of disk images, is powerful stuff, and there is a version called Sleuth Kit Hadoop, which integrates TSK into a Hadoop cluster. It was initially funded by the US Army Intelligence Center of Excellence (USAICoE).

These applications may be accessed individually, or you can use a graphical application called Caine interface, which provides a single-hop interface for using the installed forensic applications. The next five screen shots show the windows of the Caine interface:

This is the main interface. Pressing Create Report prompts you for authentication.

Upon successful authentication, you then see this:
Caine Interface

The Collection tab.
Caine Interface

Analysis tab.
Caine Interface

Report tab.
Caine Reports

Aside from the Caine interface, all the other applications are already in the repository of your favorite distribution, but the Caine interface just makes the distribution a lot easier to use for what it is designed for. So like BackTrack, CAINE is one of those distributions you might want to dual-boot with your regular distribution on an external drive or install in a virtual environment, if you are interested in digital forensics.

Resources: You may download a 32-bit installation image of CAINE 3 from here (there is no 64-bit installation image). A complete list of applications, both forensics-specific and standard, installed on CAINE 3, is available here.

Screen Shots: More screen shots from a test installation of CAINE 3.0.

CAINE 3’s GRUB menu.
Caine 3 GRUB Menu

The default CAINE 3.0 MATE desktop
Caine 3 MATE Desktop

The desktop with the menu showing installed applications in the System Tools category.
Caine 3 Desktop

Firefox is the only installed application in the Internet category.
Caine 3 Desktop

The desktop with the menu showing installed graphics applications.
Caine 3 Desktop

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

One Comment

  1. First;
    “It is now a project of Digital Forensics for Inter-department Center for Research on Security (CRIS) at the same university.”

    It’s not true…since 2009 I’m the project manager as you can read in Caine’s website everywhere

    And….a forensic distro like Caine is not only an Ubuntu filled of many forensic tools…there are many patches for avoiding the changes to attached devices, as the forensic best practices suggest…write blocking etc.

    Thank you for your review and have a nice day 😉

Leave a Comment

Your email address will not be published. Required fields are marked *