Digital Forensics Review and Tutorial Project (Caine)


I used CAINE in my Digital Forensics class to acquire a live image to repair damaged files, engage in data acquisition, recover a virus damaged system, look for rootkits, and recover file deletion.

CAINE 3.0 (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics
Currently the project manager is Nanni Bassetti.
CAINE Os emulators offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

CAINE claims to be forensically sound, meaning that it can be used to obtain reliable data as evidence. CAINE was created as a project of Digital Forensics for Interdepartmental Centre for Research on Security (CRIS), supported by the University of Modena and Reggio Emilia in Italy. Caine an Ubuntu-based live distribution featuring a collection of forensic tools in a user-friendly environment.

The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • a semi-automated compilation of the final report

Graphical User Interface Design

It introduces a GUI interface (Figure 1) that guides digital investigators during the acquisition and analyzing of electronic evidence, and it offers a semi-automatic process for the documentation and report compilation.

figure 1

Caine Gui

Write Blocker Technology (Software and Hardware)

CAINE can ensure that the data on the host device is not compromised or damaged in any way. It is essential that the computer forensic tool kit not disturb or change anything on the host computer in order for the evidence obtained to be admissible in court. Each host device is mounted with a read-only software write blocker (Figure 2).

Video example of a Hardware Writeblocker

figure 2

Software Writeblocker

The following video shows how I acquired a live image from a hard drive. I performed data acquisition and explain how to analyze electronic evidence.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s