CAINE 8.0 review

A niche distro aimed at computer forensics

TechRadar Verdict

This distro is positively packed with forensics tools and dozens of nifty custom scripts to help analyse files, but you’ll have to know what you’re doing.

Pros

  • Loads of useful forensics tools
  • Powerful scripts

Cons

  • Obviously a very niche distro
  • Lack of help and documentation


This article was provided to TechRadar by Linux Format, the number one magazine to boost your knowledge on Linux, open source developments, distro releases and much more. It appeared in issue 220, published February 2017.

CAINE, which stands for Computer Aided INvestigative Environment, is a live distro that’s designed to aid the specialised field of computer forensics. The distro is full of tools and utilities to aid every stage of a digital investigation.

You can use the distro to create an exact sector-level duplicate of the suspect media with tools such as Guymager, which is a graphical app for creating disk images. Besides the raw dd format, Guymager can also image disks in the E01 and AFF formats, which are commonly used in the digital forensics community and can incorporate metadata about the original media into the disk image itself. Once the media has been imaged, you can use CAINE to analyse its contents for evidence to support the investigation.

A key change in this release is that all devices are placed in read-only mode by default. This new write-blocking method protects all disks from accidental write operations. If you need to write to a disk, you unlock it with the Block On/Off utility.
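The two safeguards described above, a source that is read-only before imaging and a sector-level raw copy, can be combined into one acquisition step. The following is an added example, not CAINE's or Guymager's code: `is_write_blocked`, `acquire` and the `SYSFS_ROOT` override are hypothetical names, and it assumes a Linux system with `sha256sum`.

```shell
#!/bin/sh
# Added example, not CAINE's own code. SYSFS_ROOT is overridable only so the
# check can be exercised against a constructed directory tree.
SYSFS_ROOT=${SYSFS_ROOT:-/sys}

# is_write_blocked NAME: succeed only if the kernel read-only flag for block
# device NAME (e.g. sdb) is set; /sys/class/block/NAME/ro holds 0 or 1.
is_write_blocked() {
    flag="$SYSFS_ROOT/class/block/$1/ro"
    [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]
}

# sha256_of FILE: print only the hex digest; fail if FILE cannot be read.
sha256_of() {
    h=$(sha256sum < "$1") || return 1
    echo "${h%% *}"
}

# acquire SRC IMG: raw (dd-format) copy of SRC into IMG, verified by hash.
# Returns 0 verified, 1 copy error or hash mismatch, 2 source not
# write-blocked, 3 IMG already exists (never overwrite earlier evidence).
acquire() {
    src=$1
    img=$2
    if ! is_write_blocked "$(basename "$src")"; then
        echo "refusing: $src is not read-only" >&2
        return 2
    fi
    if [ -e "$img" ]; then
        echo "refusing: $img already exists" >&2
        return 3
    fi
    before=$(sha256_of "$src") || return 1
    # dd stops at the first read error here, so a damaged source returns 1
    # instead of producing a silently padded image.
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 1
    after=$(sha256_of "$img") || return 1
    {
        echo "source: $src"
        echo "image: $img"
        echo "sha256(source): $before"
        echo "sha256(image): $after"
    } > "$img.log"
    [ "$before" = "$after" ]
}

if [ $# -eq 2 ]; then acquire "$1" "$2"; fi
```

Run as root with the device and an output path, for example a source such as /dev/sdb; the `.log` file beside the image records both digests for the case notes.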

Buffet of tools

All the specialised tools are housed within a Forensic Tools menu. The menu catalogues the majority of the tools within purpose-based sub-menus, such as Analysis, Mobile forensics, Memory forensics and Network forensics. The menu also holds about two dozen more tools that aren’t filed under any category. While the submenus give the distro some structure and organisation, computer forensics is a specialised field and the tools won’t make much sense to inexperienced users.

What would have helped is documentation and this is one of CAINE’s weakest areas. The distro assumes familiarity with the tools and only includes the basic details to help you get started.

Among the distinguishing features of CAINE are the very helpful scripts that are mated to the Caja file manager. These scripts simplify the examination of any acquired files. The scripts can display browser history, analyse Windows registries, find deleted files and even extract EXIF data to text files for easy examination. There’s also a Save as Evidence script that will write the selected files to an Evidence folder on the desktop and create a text report about the file that contains metadata, along with an optional comment from the investigator for reference.

Another group of scripts is accessed using the Mixed scripts shortcut on the desktop – this folder includes a readme text file describing the purpose of some of the scripts. One noteworthy script from this collection is the Identify iPod Owner script which displays metadata about an attached iPod, and can even search for iTunes user information present in media purchased through the Apple store.

Besides the tools available in the live environment, you can also use the live medium to run a forensic investigation on a running Windows installation. Just connect the CAINE live USB or optical media to a Windows machine and fire up the Win-UFO tool. The app has a user-friendly interface and can sniff out browser history, passwords and Wi-Fi passwords, and analyse browser cache, cookies and the search history without much effort.

The release also includes the x11vnc server to allow CAINE to be operated from a remote computer on the network. CAINE has been built atop Ubuntu 16.04 using the SystemBack tool. It’s designed to be used as a live environment, but it can be installed using SystemBack. Just ensure you refer to the installation documentation before heading down this path.

Final verdict

It lacks documentation, but CAINE is a fully equipped forensics-focused distro with plenty of tweaks to help dig up hidden PC secrets.

Shashank Sharma

Shashank Sharma is a trial lawyer in Delhi, India. Long before his foray into the world of litigation, he started his career by writing about Linux and open source software. Over the years, Shashank has also written various articles and reviews for TechRadar Pro, covering web hosting providers and website builder tools.
