CAINE 5 review is a review of the latest edition of CAINE, a Linux distribution designed solely for digital forensics. This edition is code-named Blackhole.
The distribution’s name is derived from Computer Aided INvestigative Environment, and it is an Italian GNU/Linux live distribution, whose development is headed by Nanni Bassetti. The goal of this distribution is to provide an interoperable environment and user-friendly tools for digital forensics.
Hightlights of this release are: Linux Kernel 3.8.0-35, based on the 64-bit version of Ubuntu 12.04.3, has support for UEFI and Restricted Boot, and ships with a new installer called Systemback.
Since the installer is new, let’s start by looking at what it brings to the table.
The Installer: According to the project’s description on Launchpad.net, Systemback is a “simple system backup and restore application with extra features.” And part of that “extra features” is the ability to install a Linux distribution. And that’s just about all the extra it does – install. It cannot be used for disk partitioning. That means another application will have to be used to partition the target hard disk drive (HDD). This screen shot shows the user setup page of the installer, and it is also the first step in the installation process.
This shows the second step. If the target HDD has no partition table, there’s nothing that can be done from here. With regards to handling partitions, it allows formatting, setting mount points, and filesystems.
And this shows the same step with existing partitions on the target HDD. Once the mount points and filesystems have been configured, clicking Next moves the process to the next step.
And this is a screen shot of that next step.
No interruption, please.
It takes only a few minutes for the installation to complete. After clicking OK, a manual restart is required to reboot the new system. The installer’s weakness is obviously the inability to handle disk partitioning. That means it does not bring anything new to the table. I wonder why the developers chose it to replace the graphical installer of its parent distribution.
The Desktop: CAINE is a specialist distribution, designed for digital forensics, but a default installation comes with a complete set of applications that you’ll usually find on standard desktop distributions. The desktop environment it uses is MATE. This screen shot shows the login screen. Even with a password set during the installation process, all that’s needed to log in is to just click on that Log in button. I have no idea why the developers configured it for passwordless login by default.
Like I wrote earlier, this is a specialist distribution that comes with a full complement of standard desktop applications by default. And it even contains a better collection of system utilities than many of the popular desktop distributions. In fact, it could be used as a standard desktop distribution. Just ignore the Forensic tools menu category and you won’t even know that it was designed for digital forensic investigators. A default installation takes just around 4.7 GB of disk space. This gallery shows aspects of the default installation that could make it pass easily as a standard desktop distribution.
System Administrative Tools: When it comes to graphical system utilities, not even talking about those designed specifically for digital forensics and those in MATE’s system control center, CAINE 5 ships with the best of them. Systemback, the application used as the installer, is one example. Systemback can’t be used to partition an HDD, but it can be used for several system administrative tasks – from backing up and restoring the system, to using it to create a Live system, upgrading the system, and performing file and full system repair and system upgrades. Systemback can do it all, except partition an HDD. Clicking on the System install button will actually open the first step of the installation process shown in the first screen shot of this review. Systemback looks like one of those applications you want to have on your system, just in case
In any case it is not a problem on the live distro and it is not a problem for the forensic tools. 😉
I figured as much.
On the first issue I have to investigate (how can I reproduce it?), on the second one, it’s not important, I forgot to rename that dir, only this 😉
Thanks a lot for your review 😉 I’m taking notes as you suggested 🙂
So is that thing with world-writable root something to worry about? And is the theme files error that important?