Open Source Live Distributions for Computer Forensics

  • Giancarlo Giustini
  • Mauro Andreolini
  • Michele Colajanni
Conference paper


Current distributions of open source forensic software provide digital investigators with a large set of heterogeneous tools. Their use is not always focused on the investigative target and requires high technical expertise. We present a new GNU/Linux live distribution, named CAINE (Computer Aided INvestigative Environment), that contains a collection of tools wrapped up into a user-friendly environment. The CAINE forensic framework introduces novel and important features aimed at filling the interoperability gap across different forensic tools. Moreover, it provides a homogeneous graphical interface that guides digital investigators during the acquisition and analysis of electronic evidence, and it offers a semi-automatic mechanism for the creation of the final report.



Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Giancarlo Giustini (1)
  • Mauro Andreolini (1)
  • Michele Colajanni (1)
  1. Department of Information Engineering, University of Modena and Reggio Emilia, Modena, Italy
