CAINE (Computer Aided INvestigative Environment) is an open source tool that offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives of CAINE are to guarantee the following:
- an interoperable environment that supports the digital investigator during the four phases of the digital investigation
- a user friendly graphical interface
- a semi-automated compilation of the final report
CAINE includes scripts activated within the Nautilus Web browser designed to make examination of allocated files simple. Currently, the scripts can render many databases, internet histories, Windows registries, deleted files, and extract EXIF data to text files for easy examination. The Quick View tool automates this process by determining the file type and rendering with the appropriate tool.
The live preview Nautilus scripts also provide easy access to administrative functions, such as making an attached device writeable, dropping to the shell, or opening a Nautilus window with administrator privileges. The "Save as Evidence" script will write the selected file(s) to an "Evidence" folder on the desktop and create a text report about the file containing file metadata and an investigator comment, if desired.
A unique script, "Identify iPod Owner", is included in the toolset. This script will detect an attached and mounted iPod Device, display metadata about the device (current username, device serial number, etc.). The investigator has the option to search allocated media files and unallocated space for iTunes user information present in media purchased through the Apple iTunes store, i.e., Real Name and e-mail address.
For more information, visit www.caine-live.net/index.html