Difference between pages "Upcoming events" and "CAINE Live CD"

From ForensicsWiki
(Difference between pages)
(Conferences)
 
m
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{Infobox_Software |
Events should be posted in the correct section, and in date order. An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training).  When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
  name = CAINE LiveCD/DVD |
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience. Such restrictions should be noted when known.</i>
+
  maintainer = [[Nanni Bassetti]] |
 +
  os = {{Linux}} |
 +
  genre = {{Live CD}} |
 +
  license = {{GPL}}, others |
 +
  website = [http://www.caine-live.net Caine Live] |
 +
}}
 +
'' ''' Caine' (an acronym for Computer Aided Investigative Environment'''') is a [[distribution Linux | distribution]] [[Live CD | live]] oriented to Computer Forensics ([[computer forensics]]) historically conceived by Giancarlo Giustini, within a project of Digital Forensics '' Interdepartmental Research Center for Security'' (CRIS) of the University of Modena and Reggio Emilia  see [http://www.caine-live.net/page4/history.html Official Site].
 +
Currently the project is maintained by Nanni Bassetti.
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities. Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
== Features ==
 +
The latest version of Caine is based on the [[Ubuntu Linux]] 12.04 LTS, MATE and LightDM. Compared to its original version, the current version has been modified to meet the standards forensic reliability and safety standards laid down by the [[NIST]] View [Http://www.cftt.nist.gov/Methodology_Overview.htm the methodologies of Nist].
  
This listing is divided into four sections (described as follows):<br>
+
Caine includes:
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
* Caine Interface - a user-friendly interface that brings together a number of well-known forensic tools, many of which are open source;
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
* Updated and optimized environment to conduct a forensic analysis;
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available online/distance learning format (start anytime) or that are offered the same time every month (Name, date-if applicable, URL)</li><br>
+
* Report generator semi-automatic, by which the investigator has a document easily editable and exportable with a summary of the activities;
<li><b><u>[[Scheduled Training Courses]]</u></b> - Training Classes/Courses that are scheduled for specific dates/locations. This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Provider, URL) (''note: this has been moved to its own page.'')<br></li></ol>
+
* Adherence to the investigative procedure defined recently by Italian Law 48/2008, [Http://www.parlamento.it/parlam/leggi/08048l.htm Law 48/2008,].
  
== Calls For Papers ==
+
In addition, Caine is the first distribution to include forensic Forensics inside the Caja/Nautilus Scripts and all the patches of security for not to alter the devices in analysis.
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
The distro uses several patches specifically constructed to make the system "forensic", ie not alter the original device to be tested and / or duplicate:
|- style="background:#bfbfbf; font-weight: bold"
+
* Root file system spoofing: patch that prevents tampering with the source device;
! width="30%|Title
+
* No automatic recovery corrupted Journal patch: patch that prevents tampering with the device source, through the recovery of the [[Journal]];
! width="15%"|Due Date
+
* Mounter and RBFstab: mounting devices in a simple and via graphical interface.
! width="15%"|Notification Date
+
! width="40%"|Website
+
|-
+
|23rd Computer Security Foundations Symposium
+
|Feb 04, 2010
+
|Mar 19, 2010
+
|http://www.floc-conference.org/CSF-cfp.html
+
|-
+
|USENIX Security Symposium 2010
+
|Feb 05, 2010
+
|Jul 05, 2010
+
|http://www.usenix.org/events/sec10/cfp/
+
|-
+
|Seventh GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment
+
|Feb 05, 2010
+
|Apr 05, 2010
+
|http://dimva2010.fkie.fraunhofer.de/cfp-dimva2010.pdf
+
|-
+
|7th International Symposium on Risk Management and Cyber-Informatics: RMCI 2010
+
|Feb 10, 2010
+
|Mar 03, 2010
+
|http://www.iiis2010.org/wmsci/Contents/CallForPapers-RMCI-2010.pdf
+
|-
+
|Thirtieth Annual International Cryptology Conference
+
|Feb 18, 2010
+
|Apr 30, 2010
+
|http://www.iacr.org/conferences/crypto2010/cfp.php
+
|-
+
|2010 Conference on Digital Forensics, Security and Law
+
|Feb 19, 2010
+
|
+
|http://www.digitalforensics-conference.org/callforpapers.htm
+
|-
+
|Digital Forensic Research Workshop (DFRWS) 2010
+
|Feb 28, 2010
+
|Apr 05, 2010
+
|http://dfrws.org/2010/cfp.shtml
+
|-
+
|Blackhat Europe 2010
+
|Mar 01, 2010
+
|
+
|http://blackhat.com/html/bh-eu-10/registration/bh-eu-10-cfp.html
+
|-
+
|Symposium On Usable Privacy and Security
+
|Mar 05, 2010
+
|Apr 30, 2010
+
|http://cups.cs.cmu.edu/soups/2010/cfp.html
+
|-
+
|20th Virus Bulletin International Conference
+
|Mar 05, 2010
+
|
+
|http://www.virusbtn.com/conference/vb2010/call/index
+
|-
+
|European Symposium on Research in Computer Security
+
|Apr 01, 2010
+
|Jun 10, 2010
+
|http://www.esorics2010.org/index.php?option=com_content&view=article&id=1&Itemid=3
+
|-
+
|13th Annual Recent Advances in Intrusion Detection
+
|Apr 04, 2010
+
|Jun 07, 2010
+
|http://www.raid2010.org/calls-for-participation
+
|-
+
|6th International Conference on Security and Privacy in Communication Networks
+
|Apr 05, 2010
+
|May 31, 2010
+
|http://www.securecomm.org/cfp.shtml
+
|-
+
|New Security Paradigms Workshop (NSPW)
+
|Apr 16, 2010
+
|Jun 11, 2010
+
|http://www.nspw.org/2010/cfp
+
|-
+
|ACM Computer and Communications Security Conference
+
|Apr 17, 2010
+
|Jun 21, 2010
+
|http://www.sigsac.org/ccs/CCS2010/cfp.shtml
+
|-
+
|2010 IEEE International Conference on Technologies for Homeland Security
+
|Apr 24, 2010
+
|
+
|http://ieee-hst.org/
+
|-
+
|2nd International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
+
|May 01, 2010
+
|Jun 15, 2010
+
|http://www.d-forensics.org/callforpapers.shtml
+
|-
+
|2nd International Workshop on Security in Cloud Computing (SCC'2010)
+
|May 01, 2010
+
|Jun 07, 2010
+
|http://bingweb.binghamton.edu/~ychen/SCC2010.htm
+
|-
+
|}
+
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
[[RBFstab]] is set to treat [[EXT3]] as a [[EXT4]]'' noload with the option'' to avoid automatic recovery of any corrupt Journal of '[[EXT3]];
 +
* Swap file off: patch that avoids modifying the file [[swap]] in systems with limited memory [[RAM]], avoiding the alteration of the original artifact computer and overwrite data useful for the purposes of investigation.
  
== Conferences ==
+
Caine and Open Source == ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
Patches and technical solutions are and have been all made in collaboration with people (Professionals, hobbyists, experts,
|- style="background:#bfbfbf; font-weight: bold"
+
etc..) from all over the world. <br />
! width="40%"|Title
+
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|DoD Cyber Crime Conference
+
|Jan 22-29<br>St. Louis, MO
+
|http://www.dodcybercrime.com/10CC/
+
|-
+
|ShmooCon VI
+
|Feb 05-07<br>Washington, DC
+
|http://www.shmoocon.org
+
|-
+
|International Conference on Technical and Legal Aspects of the e-Society
+
|Feb 10-15<br>St. Maarten, Netherlands Antilles
+
|http://www.iaria.org/conferences2010/CYBERLAWS10.html
+
|-
+
|Third International Workshop on Digital Forensics
+
|Feb 15-18<br>Krakow, Poland
+
|http://www.ares-conference.eu/conf/index.php/workshops/wsdf
+
|-
+
|American Academy of Forensic Sciences Annual Meeting
+
|Feb. 22-27<br>Seattle, WA
+
|http://www.aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
|-
+
|17th Network and IT Security Conference
+
|Feb 38-Mar 03<br>San Diego, CA
+
|http://www.isoc.org/isoc/conferences/ndss/10/
+
|-
+
|RSA Conference 2010
+
|Mar 01-05<br>San Francisco, CA
+
|http://www.rsaconference.com/2010/usa/index.htm
+
|-
+
|CanSecWest 2010
+
|Mar 22-26<br>Vancouver, British Columbia, Canada
+
|http://cansecwest.com/index.html
+
|-
+
|Blackhat Europe 2010
+
|Apr 12-15<br>Barcelona, Spain
+
|http://blackhat.com/html/bh-eu-10/bh-eu-10-home.html
+
|-
+
|31st IEEE Symposium on Security and Privacy
+
|May 16-19<br>Oakland, CA
+
|http://oakland31.cs.virginia.edu/
+
|-
+
|AusCERT Asia Pacific Information Security Conference
+
|May 16-21<br>Kenmore Hills, Queensland, Australia
+
|http://conference.auscert.org.au/conf2010/index.html
+
|-
+
|Conference on Digital Forensics, Security and Law 2010
+
|May 19-21<br>St. Paul, MN
+
|http://www.digitalforensics-conference.org/index.htm
+
|-
+
|Blackhat Abu Dhabi 2010
+
|May 30-Jun 02<br>Abu Dhabi, UAE
+
|http://blackhat.com/html/events.html
+
|-
+
|Techno-Security 2010
+
|Jun 06-09<br>Myrtle Beach, SC
+
|http://www.thetrainingco.com/html/Security_Conference_2010.html
+
|-
+
|7th International Symposium on Risk Management and Cyber-Informatics
+
|Jun 29-Jul 02<br>Orlando, FL
+
|http://www.2010iiisconferences.org/RMCI
+
|-
+
|Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment
+
|Jul 08-09<br>Bonn, Germany
+
|http://dimva2010.fkie.fraunhofer.de/
+
|-
+
|Symposium On Usable Privacy and Security
+
|Jul 14-16<br>Redmond, WA
+
|http://cups.cs.cmu.edu/soups/2010/
+
|-
+
|CSF 2010 - 23rd Computer Security Foundations Symposium
+
|Jul 17-19<br>Edinburgh, Scotland, UK
+
|http://www.floc-conference.org/CSF-home.html
+
|-
+
|Blackhat USA 2010
+
|Jul 24-29<br>Las Vegas, NV
+
|http://blackhat.com/html/events.html
+
|-
+
|Digital Forensic Research Workshop (DFRWS) 2010
+
|Aug 02-04<br>Portland, OR
+
|http://dfrws.org/2010/
+
|-
+
|19th USENIX Security Symposium
+
|Aug 11-13(br>Washington, DC
+
|http://www.usenix.org/events/sec10/
+
|-
+
|30th International Cryptology Conference
+
|Aug 15-19<Santa Barbara, CA
+
|http://www.iacr.org/conferences/crypto2010/
+
|-
+
|6th International Conference on Security and Privacy in Communication Networks
+
|Sep 07-10<br>Singapore
+
|http://www.securecomm.org/index.shtml
+
|-
+
|2nd International Workshop on Security in Cloud Computing (SCC'2010)
+
|Sep 13-16<br>San Diego, CA
+
|http://bingweb.binghamton.edu/~ychen/SCC2010.htm
+
|-
+
|13th International Symposium on Recent Advances in Intrusion Detection
+
|Sep 15-17<br>Ottowa, Ontario, Canada
+
|http://www.raid2010.org/
+
|-
+
|European Symposium on Research in Computer Security
+
|Sep 20-22<br>Athens, Greece
+
|http://www.esorics2010.org/
+
|-
+
|2010 HTCIA International Training Conference & Exposition
+
|Sep 20-22<br>Atlanta, GA
+
|http://www.htciaconference.org/
+
|-
+
|New Security Paradigms Workshop (NSPW)
+
|Sep 21-23<br>Concord, MA
+
|http://www.nspw.org/2010
+
|-
+
|VB2010 Fighting malware and spam
+
|Sep 29-Oct 01<br>Vancouver, BC, Canada
+
|http://www.virusbtn.com/conference/vb2010/
+
|-
+
|17th ACM Computer and Communications Security Conference
+
|Oct 04-08<br>Chicago, IL
+
|http://www.sigsac.org/ccs/CCS2010/
+
|-
+
|2nd International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
+
|Oct 04-06<br>Abu Dhabi, UAE
+
|http://www.d-forensics.org/
+
|-
+
|Techno Forensics 2010
+
|Oct 25-26<br>Gaithersburg, MD
+
|http://www.techsec.com/html/TechnoForensics2010.html
+
|-
+
|2010 IEEE International Conference on Technologies for Homeland Security
+
|Nov 08-10<br>Waltham, MA
+
|http://ieee-hst.org/
+
|-
+
|IFIP Working Group 11.9 - Digital Forensics
+
|January 2011<br>Unknown
+
|http://www.ifip119.org/Conferences/
+
|-
+
|}
+
  
== On-going / Continuous Training ==
+
CAINE represents fully the spirit of the Open Source philosophy, because the project is completely open, anyone could
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
take the legacy of the previous developer or project manager. <br />
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|- style="background:pink;align:left"
+
! DISTANCE LEARNING
+
|-
+
|Basic Computer Examiner Course - Computer Forensic Training Online
+
|Distance Learning Format
+
|http://www.cftco.com
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|SANS On-Demand Training
+
|Distance Learning Format
+
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
+
|-
+
|Champlain College - CCE Course
+
|Online / Distance Learning Format
+
|http://extra.champlain.edu/cps/wdc/alliances/cce/landing/
+
|-
+
|Las Positas College
+
|Online Computer Forensics Courses
+
|http://www.laspositascollege.edu
+
|-
+
|- style="background:pink;align:left"
+
!RECURRING TRAINING
+
|-
+
|MaresWare Suite Training
+
|First full week every month<br>Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Evidence Recovery for Windows Vista&trade;
+
|First full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows Server&reg; 2003 R2
+
|Second full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for the Windows XP&trade; operating system
+
|Third full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|Third weekend of every month(Fri-Mon)<br>Dallas, TX
+
|http://www.md5group.com
+
|-
+
|}
+
  
==See Also==
+
The distro is open source, the Windows side (Nirlauncher/Wintaylor) is open source and, last one but not least important, the distro is installable, so as to give the possibility to rebuild in a new version, in order to give a long life to this project.
* [[Scheduled Training Courses]]
+
 
==References==
+
== Caine Interface ==
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
Caine Interface - a user-friendly interface that brings together a number of well-known forensic tools. <Br/>
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
 
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
Environment updated and optimized for digital investigations. <br />
 +
 
 +
Report Semi-automatic - the final production of a complete document and easily editable exported by the investigator.
 +
Maximum adherence to the Italian investigative procedure. <br />
 +
 
 +
The first distribution to include forensic inside the Caja Forensics / Nautilus/Caja Scripts and all security patches, not to alter the devices in the analysis. <br />
 +
 
 +
The basic interface of the distribution called Caine Interface, was performed using the known GTK2-Perl wrapper that implements the Perl language instruction set and commands made available from the Gtk + toolkit.
 +
 
 +
Caine Interface allows you not only to select the various forensic software, it automatically generates the final report, due to the modules offered by Perl Template Toolkit, and DocBook.
 +
 
 +
Inside contains the following software.
 +
 
 +
, Acquisition
 +
* Grissom Analyzer (mmls, img_stat, fsstat)
 +
* LRRP
 +
* AIR
 +
* Guymager
 +
* Terminal with saving the output
 +
* DC3DD
 +
 
 +
; Analysis
 +
* Autopsy
 +
* [[The SleuthKit]]
 +
* [[Selective file dumper | Sfdumper 2.2]]
 +
* Fundl 2.0
 +
* Scalpel
 +
* Foremost
 +
* Stegdetect
 +
* Ophcrack
 +
* Nautilus scripts
 +
* And many others
 +
 
 +
Reporting semiautomatic == ==
 +
 
 +
Every contribution in the form of output and local report for each program involved in an investigation is saved in a report file, easily manageable by the investigator. The generation of the final report is done through the creation of temporary log file, that is to contain the output products for implementing the programs used by the investigator. <br />
 +
The generation process is achieved through the use of Perl, bash scripts, variables Perl Template Toolkit and the DocBook file that acts as a container to the final report. <br />
 +
 
 +
All set within the Perl program.
 +
 
 +
The Project Caine == ==
 +
 
 +
The project was initially inserted into the priorities of the CRIS (Centre for Research Interdepartmental Security) Research Centre Interpardimentale Security - University of Modena [http://cris.unimore.it/cris/node/54 site], in this way the distribution has benefited from essential contributions on the technical computing, together to the latest "best practices" legal investigation digital  see [http://www.dia.unisa.it/~ads/ads/Sicurezza_files/Tesina%20Live%20Forensics.pdf Security University of Salerno] see [http://www.forwardedge2.com/pdf/bestpractices.pdf U.S. Secret Service document] see [http://ncfs.org/craiger.forensics.methods.procedures.final.pdf CraigeR's Draft].
 +
 
 +
The project Caine was also the subject of a scientific paper accepted and published inside the first Workshop on Computer & Network Forensics held in Milan September 10th 2008 - [http://conferenze.dei.polimi.it/ossconf/schedule.php OSSCoNF].
 +
 
 +
In followed all close collaboration with Denis Frati (spilled by the project at end 2009) and Nanni Bassetti, prominent figures in the panorama of Italian Digital Forensics, allowed a constant improvement of investigative standards proposed. The work carried out together with the staff ConoscereLinux allowed to enter Caine within the Italian community of programmers of open-source software.
 +
 
 +
Caine is very much the spirit of Open Source OSSConf 2008 Open Source Day 2012, precisely because the various inputs planning and operational were provided by so many employees scattered across the globe, using only the network to communicate and many have our utmost to provide hosting, mirror and suggestions, scripts and everything that can serve to improve the project, then a full and free.
 +
 
 +
Currently the project manager and a team of international figures treat the project Caine since the 1.0 release to date that has arrived at version 4.0 (18-March-2013) and achieving praise from law enforcements of several foreign nations.
 +
 
 +
24/11/2012 The Caine 3.0 was presented at '[http://www.opensourceday.org/2012/?mid=20 Opens Source Day 2012]' at the University of Udine.
 +
 
 +
== Notes ==
 +
<references />
 +
 
 +
== Bibliography ==
 +
* Andrea Ghirardini, Gabriele Faggioli, ''Computer Forensics'', Apogeo, 2009, ISBN 9788850328161
 +
* E. Huebner, S. Zanero, ''Open Source Software for Digital Forensics'', Springer, 2010, ISBN 978-1-4419-5802-0
 +
* Diane Barrett, Greg Kipper, ''Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environment'', Syngress, 2010, ISBN 978-1-59749-557-8
 +
* Sean Philip Oriyano and Michael Gregg, ''Hacker Techniques, Tools, And Incident Handling'', Jones and Bartlett Learning, 2011, ISBN 978-0-7637-9183-4
 +
* Michael Jang, ''Security Strategies in Linux Platforms and Applications'', Jones and Bartlett Learning, 2011, ISBN 978-0-7637-9189-6
 +
 
 +
== Collegamenti esterni ==
 +
*[http://www.careeracademy.com/browseproducts/CHFI-Training-CBT-Boot-Camp--EC-Council-Computer-Hacking-Forensic-Investigator.HTML Presente nel training CHFI Ec-Council] International certificatione
 +
*[http://link.springer.com/chapter/10.1007/978-1-4419-5803-7_5 Open Source Live Distributions for Computer Forensics- by Springer]<br />
 +
*[http://conferenze.dei.polimi.it/ossconf/schedule.php OSSConf 2008]<br />
 +
*[http://books.google.it/books?id=jQVgWaF3pJwC&pg=PT304&lpg=PT304&dq=Andrea+Ghirardini;+Gabriele+Faggioli,+Computer+Forensics+caine&source=bl&ots=mf8-Def6uF&sig=88ydFgTv05M2Q45B4FSvwqhBXKk&hl=it&sa=X&ei=W2voUOD3Lcrk4QSVlIDoDQ&ved=0CEMQ6AEwAQ Google books]<br />
 +
*[http://www.amazon.com/Virtualization-Forensics-Forensic-Investigators-Environments/dp/1597495573Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environment]<br />
 +
*[http://www.linux-magazin.de/Ausgaben/2010/12/Italienische-Aufklaerung Linux-Mazin.de]<br />
 +
*[http://www.linux-magazine.com/Issues/2011/122/Caine Linux-Magazine.com]<br />
 +
*[http://www.opensourceday.org/2012/?mid=20 Opens Source Day 2012]<br />
 +
*[http://searchsecurity.techtarget.it/articoli/0,1254,18_ART_103282,00.html TechTarget.it]<br />
 +
*[http://programmazione.it/index.php?entity=eitem&idItem=41687 Programmazione.it]<br />
 +
*[http://www.linuxtoday.com/upload/caine-3.0-review-121009195504.html Linuxtoday.com]<br />
 +
*[http://www.linuxtoday.com/infrastructure/2010122801535SCSW Linuxtoday.com 2]<br />
 +
*[http://news.softpedia.com/news/CAINE-3-0-a-Tool-for-Digital-Forensics-297461.shtml Softpedia]<br />
 +
*[http://hackingzones.in/?p=2726 hackingzone.in]<br />
 +
*[http://www.gustavopimentel.com.ar/ gustavopimental.com.ar]<br />
 +
*[http://www.concise-courses.com/security/top-ten-distros/# concise-courses.com]<br />
 +
*[http://www.e-linux.it/news_detail/caine-15 e-linux.it]<br />
 +
*[http://www.ilsoftware.it/articoli.asp?tag=CAINE-progetto-italiano-per-la-computer-forensics_5656 ilsoftware.it]<br />
 +
*[http://www.dragonjar.org/distribucion-live-cd-analisis-forense.xhtml dragonjar.org]<br />
 +
*[http://www.nannibassetti.com/dblog/articolo.asp?articolo=156 Attestato Marenostrum V.F.F.]<br />
 +
*[http://www.linuxformat.com/archives?issue=151 LinuxFormat] <br />
 +
*[http://www.techrepublic.com/blog/10things/10-obscure-linux-distributions-and-why-you-should-know-about-them/2334 TechRepublic]<br />
 +
*[http://www.forensicswiki.org/wiki/CAINE_Live_CD ForensicsWiki]<br />
 +
* [http://www.caine-live.net Sito ufficiale]
 +
* [http://cris.unimore.it/cris/node/54 Sito del CRIS] dedicato a Caine
 +
 
 +
{{Linux}}
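Review bot: three section headings in the added wikitext have their heading markers after the title instead of around it ("Caine and Open Source == ==", "Reporting semiautomatic == ==", "The Project Caine == =="), so they render as body text; write them as "== Caine and Open Source ==" and likewise for the other two. The definition-list marker before Acquisition is a comma (", Acquisition") where "; Acquisition" is needed to match "; Analysis" below it. The two external links written with "[Http://" should use a lowercase scheme, and the "Collegamenti esterni" heading and the "Sito ufficiale" / "Sito del CRIS" link labels are still in Italian on an English page.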

Revision as of 06:12, 3 May 2013

CAINE LiveCD/DVD
Maintainer: Nanni Bassetti
OS: Linux
Genre: Live CD
License: GPL, others
Website: Caine Live

Caine (an acronym for Computer Aided Investigative Environment) is a live Linux distribution oriented to computer forensics. It was originally conceived by Giancarlo Giustini within a digital forensics project of the Interdepartmental Research Center for Security (CRIS) of the University of Modena and Reggio Emilia (see the official site). The project is currently maintained by Nanni Bassetti.

Features

The latest version of Caine is based on Ubuntu Linux 12.04 LTS, MATE and LightDM. Compared with the original version, the current version has been modified to meet the forensic reliability and safety standards laid down by NIST (see the NIST methodologies).

Caine includes:

  • Caine Interface - a user-friendly interface that brings together a number of well-known forensic tools, many of which are open source;
  • An updated and optimized environment for conducting forensic analysis;
  • A semi-automatic report generator, which gives the investigator an easily editable and exportable document summarizing the activities;
  • Adherence to the investigative procedure recently defined by Italian Law 48/2008.

In addition, Caine is the first distribution to include forensics inside the Caja/Nautilus Scripts and all the security patches needed to avoid altering the devices under analysis.

The distro uses several patches built specifically to make the system "forensic", i.e. so that it does not alter the original device being examined and/or duplicated:

  • Root file system spoofing: a patch that prevents tampering with the source device;
  • No automatic recovery of a corrupted journal: a patch that prevents the source device from being altered by journal recovery;
  • Mounter and RBFstab: mounting devices simply and through a graphical interface.

RBFstab is set to treat EXT3 as EXT4 with the noload option, to avoid automatic recovery of any corrupt EXT3 journal;

  • Swap file off: a patch that avoids modifying the swap file on systems with limited RAM, so that the original computer artifact is not altered and data useful to the investigation is not overwritten.
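
The mount-level rules above (read-only mounting, noload for EXT3/EXT4 journals, no swap) can be checked mechanically before evidence media is touched. The following Python is an added example, not CAINE or RBFstab code; it audits fstab-format and /proc/swaps-format text, and the sample entries, device names and function names are constructed for illustration.

```python
"""Audit fstab-style entries against the write-protection rules described above.

Added example, not CAINE or RBFstab code. All sample data below is constructed.
"""

JOURNALED = {"ext3", "ext4"}          # filesystems that keep a journal
NO_REPLAY = {"noload", "norecovery"}  # ext3/ext4 options that skip loading the journal


def parse_fstab(text):
    """Yield (device, fstype, options-set) for each usable fstab line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: device, mountpoint, type, options are required
        device, _mountpoint, fstype, opts = fields[:4]
        yield device, fstype, set(opts.split(","))


def audit_entry(fstype, opts):
    """Return the findings for one entry; an empty list means no rule is violated."""
    if fstype == "swap":
        return ["swap entry: swapping would write to this device"]
    findings = []
    # Exact match on the option name, so 'errors=remount-ro' does not count as 'ro'.
    if "ro" not in opts:
        findings.append("not mounted read-only (missing 'ro')")
    # With 'ro' alone, ext3/ext4 still replay a dirty journal at mount time.
    if fstype in JOURNALED and not (opts & NO_REPLAY):
        findings.append("journal recovery not disabled (missing 'noload')")
    return findings


def active_swap(proc_swaps_text):
    """Return the devices listed in /proc/swaps-format text (first line is a header)."""
    rows = proc_swaps_text.strip().splitlines()[1:]
    return [row.split()[0] for row in rows if row.split()]


def audit(fstab_text, proc_swaps_text=""):
    """Map each offending device to its list of findings."""
    report = {}
    for device, fstype, opts in parse_fstab(fstab_text):
        findings = audit_entry(fstype, opts)
        if findings:
            report[device] = findings
    for device in active_swap(proc_swaps_text):
        report.setdefault(device, []).append("swap is currently active on this device")
    return report


# Constructed sample input (not taken from a real CAINE system).
SAMPLE_FSTAB = """\
# device   mountpoint   type  options                                  dump pass
/dev/sdb1  /media/sdb1  ext4  ro,noauto,noexec,nodev,noatime,noload    0 0
/dev/sdb2  /media/sdb2  ext4  ro,noauto,noexec                         0 0
/dev/sdb3  /media/sdb3  vfat  ro,noauto                                0 0
/dev/sdc1  /media/sdc1  ext3  noauto,rw                                0 0
/dev/sdb5  none         swap  sw                                       0 0
"""

SAMPLE_SWAPS = """\
Filename   Type       Size     Used  Priority
/dev/sdb5  partition  2097148  0     -2
"""

if __name__ == "__main__":
    for device, findings in audit(SAMPLE_FSTAB, SAMPLE_SWAPS).items():
        for finding in findings:
            print(f"{device}: {finding}")
```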

Caine and Open Source

Patches and technical solutions are and have all been made in collaboration with people (professionals, hobbyists, experts, etc.) from all over the world.

CAINE fully represents the spirit of the Open Source philosophy: the project is completely open, and anyone could take on the legacy of the previous developer or project manager.

The distro is open source, the Windows side (Nirlauncher/Wintaylor) is open source and, last but not least, the distro is installable, which makes it possible to rebuild it into a new version and so give the project a long life.

Caine Interface

Caine Interface - a user-friendly interface that brings together a number of well-known forensic tools.

Environment updated and optimized for digital investigations.

Semi-automatic report - the final output is a complete, easily editable document exported by the investigator. Maximum adherence to the Italian investigative procedure.

The first distribution to include forensics inside the Caja/Nautilus Scripts and all the security patches needed to avoid altering the devices under analysis.

The distribution's basic interface, called Caine Interface, was built using the well-known GTK2-Perl wrapper, which implements in Perl the instruction set and commands made available by the Gtk+ toolkit.

Caine Interface not only lets you select the various forensic programs, it also generates the final report automatically, thanks to the modules offered by Perl Template Toolkit and DocBook.

It contains the following software.

Acquisition

  • Grissom Analyzer (mmls, img_stat, fsstat)
  • LRRP
  • AIR
  • Guymager
  • Terminal with saving the output
  • DC3DD

Analysis

  • Autopsy
  • The SleuthKit
  • Sfdumper 2.2
  • Fundl 2.0
  • Scalpel
  • Foremost
  • Stegdetect
  • Ophcrack
  • Nautilus scripts
  • And many others

Semi-automatic reporting

The output and local report of every program used in an investigation are saved in a report file that the investigator can easily manage. The final report is generated by creating a temporary log file that holds the output produced by the programs the investigator runs.
The generation process uses Perl, bash scripts, Perl Template Toolkit variables and a DocBook file that acts as the container for the final report.

All of this is set up within the Perl program.

The Caine Project

The project was initially included among the priorities of CRIS (the Interdepartmental Research Center for Security) at the University of Modena (see the CRIS site). In this way the distribution benefited from essential technical contributions, together with the latest legal "best practices" for digital investigation (see the University of Salerno security paper, the U.S. Secret Service document and Craiger's draft).

The Caine project was also the subject of a scientific paper accepted and published at the first Workshop on Computer & Network Forensics, held in Milan on September 10th 2008 (OSSCoNF).

Subsequently, close collaboration with Denis Frati (who left the project at the end of 2009) and Nanni Bassetti, prominent figures in Italian digital forensics, allowed constant improvement of the proposed investigative standards. The work carried out together with the ConoscereLinux staff brought Caine into the Italian community of open-source software developers.

Caine very much embodies the spirit of Open Source (OSSConf 2008, Open Source Day 2012), precisely because the various planning and operational contributions came from many collaborators scattered across the globe, using only the network to communicate; many did their utmost to provide hosting, mirrors, suggestions, scripts and everything else that could serve to improve the project, fully and freely.

Currently the project manager and an international team look after the Caine project, which has gone from the 1.0 release to version 4.0 (18-March-2013) and has earned praise from law enforcement agencies in several foreign nations.

On 24/11/2012 Caine 3.0 was presented at 'Open Source Day 2012' at the University of Udine.

Bibliography

  • Andrea Ghirardini, Gabriele Faggioli, Computer Forensics, Apogeo, 2009, ISBN 9788850328161
  • E. Huebner, S. Zanero, Open Source Software for Digital Forensics, Springer, 2010, ISBN 978-1-4419-5802-0
  • Diane Barrett, Greg Kipper, Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environment, Syngress, 2010, ISBN 978-1-59749-557-8
  • Sean Philip Oriyano and Michael Gregg, Hacker Techniques, Tools, And Incident Handling, Jones and Bartlett Learning, 2011, ISBN 978-0-7637-9183-4
  • Michael Jang, Security Strategies in Linux Platforms and Applications, Jones and Bartlett Learning, 2011, ISBN 978-0-7637-9189-6

External links