Comparison and Contrast between Computer Aided Investigative Environment (CAINE) and the Digital Evidence & Forensics Toolkit (DEFT)
CAINE (Computer Aided Investigative Environment) is a GNU/Linux live distribution created as a digital forensics project. CAINE presents a complete forensic environment, structured to integrate available software tools and to provide a friendly graphical interface. DEFT, on the other hand, is a Digital Evidence Forensic Tool that pairs a Linux side with the Digital Advanced Response Toolkit (DART), which holds the most suitable freeware Windows computer forensic toolkits.
Computer Aided and Investigative Environment (CAINE)
In the Linux CD environment, Computer Aided and Investigative Environment (CAINE) boots up and offers the operator the standard boot options, including an installation option for building a forensic workstation. Once it has fully booted, the forensic tools are reached through the application menu (Ball & Rajamani, 2011). The tabs offer the standard set of tools for collection and analysis. The collection tab includes links to tools such as Guymager and AIR. The analysis tab comprises Foremost, Autopsy, Ophcrack, Scalpel, SFDumper and Stegdetect. CAINE uses an old-school desktop environment hardened with top-notch specialty tools. CAINE offers strict security and integrated digital investigation tools, although it is less appealing for non-forensic professionals to use as a daily Linux desktop. Nevertheless, it can serve the purpose for operators who are willing to put up with numerous interface inconveniences (Hagar, 2011).
Methodology
Both the CAINE and WinTaylor interfaces create reports based on the tools used during the session; however, logging has to be started manually before the software will record what has been done. Drives are mounted by default as read-only, noexec and noatime. Collection drives that need to be mounted read/write must be mounted with the mount command in a terminal window. To enable writing to an NTFS collection drive, the ntfs-3g command is included. The CAINE Live CD can also be installed on a USB stick by opening a terminal and running the command liveusb (Britz, 2012).
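The default mount options described above can be verified from a terminal before any evidence drive is touched. The following is an added example, not part of CAINE or of the original essay: it audits a mount table in the /proc/mounts layout for the read-only, noexec and noatime options. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for the evidence-safe options.
# Input layout is that of /proc/mounts: device mountpoint fstype options dump pass.

# missing_opts OPTIONS -> prints which of ro, noexec, noatime are absent.
# Options are matched between commas, so "errors=remount-ro" is not taken for "ro".
missing_opts() {
    missing=""
    for want in ro noexec noatime; do
        case ",$1," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# audit_mounts FILE -> one line per /dev/* mount lacking a protective option.
# Returns 1 if any such mount exists, 0 otherwise.
audit_mounts() {
    rc=0
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in /dev/*) ;; *) continue ;; esac
        miss=$(missing_opts "$opts")
        if [ -n "$miss" ]; then
            echo "$dev $mnt ($fstype) missing: $miss"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample table (not captured from a real CAINE session).
# An NTFS volume mounted through ntfs-3g is listed with fstype "fuseblk".
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda1 /media/sda1 ntfs ro,noexec,noatime 0 0
/dev/sdb1 /media/collect fuseblk rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /media/sdc1 ext4 ro,noatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec 0 0
EOF

audit_mounts "$SAMPLE" || echo "review the mounts listed above before touching evidence"
```

On a live system the same function can be pointed at /proc/mounts; a collection drive deliberately mounted read/write will be listed, which is the expected result for that one device.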
Analysis and Results
Generally, CAINE is a remarkable package, particularly for a 0.5 release. It is an intuitive, easy-to-use package with most of the functionality of Helix3 (Gladstone, 2015). That does not mean it is perfect, as there are a few annoyances. For instance, because it was developed in Italy, the default keyboard layout has to be changed during boot. However, the development team has been very responsive to bug reports and suggestions. The only major complaint is the alleged tie-in with the US-based television show CSI, which detracts from the general proficiency of the project. Once you get beyond that, you have an extremely nice forensic toolkit (Wilkinson, 2010).
Digital Evidence and Forensic Toolkit (DEFT)
According to Hagar's (2011) findings, DEFT is a distribution created for computer forensics, intended to run live on systems without corrupting or tampering with the devices connected to the PC on which the boot process takes place. It is based on GNU/Linux and can run live from a USB pen drive or DVD-ROM, or be installed or run as a virtual appliance on VirtualBox or VMware. It features a convenient mount manager for system management. DEFT is combined with the Digital Advanced Response Toolkit (DART), which runs on Windows and contains the best tools for incident response and forensics. DART features a GUI with logging and integrity checks for the tools it controls (Ball et al., 2011).
Methodology
First, left-click the icon to mount the system. Second, right-click the icon to change the system mount policy. Lastly, a middle click closes the mounter application, which can then be relaunched from the menu (Beck & Kopp, 2014).
Comparison and Contrast
Like CAINE, DEFT is based in Italy. Unlike CAINE, DEFT has a more compact look and feel. By default, DEFT does not use a GUI in either Linux or Windows. DEFT makes it clear on its website that it is not meant for newbies. When launched in Windows, not much will happen, but in many ways that is a good thing (Britz, 2012).
Unlike CAINE's GUI, which modifies the live system it runs in, for example by consuming and overwriting RAM and possibly destroying evidence, DEFT does not autorun a GUI. The DEFT user is expected to be comfortable with executables and command-line parameters (Beck et al., 2014).
The Windows-based utilities are located in the DEFT-extra directory, and there are many of them. Apart from the assorted standard utilities, there are several open source utilities such as a PDF viewer, AbiWord, antivirus utilities, various editors, and several others (Wilkinson, 2010). These extra tools let the investigator carry out additional tasks while having minimal effect on the suspect device. The tools may also be transferred to a forensic workstation and installed. There is also an index.html file in this directory that gives you a better idea of the tools available (Foulk & Mason, 2013).
DEFT first prompts you to choose your keyboard type when you boot into the Linux environment. Once that is done, the normal boot options are displayed. Choosing the default options leads you to a command-line prompt. In comparison, DEFT is much faster than CAINE because it does not start the GUI. If you are not satisfied with a command-line environment, you may opt for a graphical interface by giving the command DEFT-GUI to activate it (Gladstone, 2015).
CAINE embodies the principle of the open source philosophy: as the project is completely open, anyone can take on the legacy of the former project manager or developer. The Windows side is freeware, and the distro side is open source. The distro is also installable, which provides the opportunity to restore it to a new version (Hagar, 2011).
In contrast, in addition to a substantial number of Linux scripts and applications, DEFT has the DART complement, which incorporates Windows applications, both open source and closed source, that remain valuable because they have no equivalent in the Unix world (Foulk et al., 2013).
Recommendation
Computer forensic software must guarantee the integrity of metadata and file structures on the system under investigation in order to present a precise analysis. It likewise needs to analyze the system under investigation consistently, without modifying, overwriting, changing or otherwise deleting the data. Some features inherent to DEFT reduce the risk of modifying the data being analyzed (Beck et al., 2014).
Rather than the empty desktop provided by CAINE, DEFT places many of the tools you will use on the desktop. However, a number of additional tools are accessible from the terminal window. The collection of tools included is very complete, and too long to list. It appears to contain everything CAINE has, and more (Hagar, 2011).
Cost Benefits Analysis
CAINE 6 ships with Firefox 32 and LibreOffice 4.3. It includes a number of the most common applications for working with data and other documents, which saves the cost of these applications. These include GIMP Image Editor, RecordMyDesktop, Shotwell, Rhythmbox and VLC media player. Many of these forensic models are hyperlinked to Mozilla Firefox (Foulk et al., 2013).
DEFT is a specialized forensic distribution with a large number of add-ons designed for system administrators or investigators. For those who are comfortable with command-line utilities, DEFT is an ideal option (Ball et al., 2011).
Limitations
CAINE 6.0 supports installation on UEFI systems, which involves creating a small VFAT partition for installing each system within the mount point. One of the problems with installing to the hard drive is the failure of Systemback to set up a swap partition. CAINE appeared to run better with no swap partition. A little reading of the documentation provides even unskilled Linux users with plenty of workarounds (Wilkinson, 2010). Since DEFT is still new, many users find it complex and find that it requires advanced knowledge to operate.
Discussion
Whatever your choice of distribution, the most vital thing is to document your work so that others can repeat the process and obtain identical results. All of these distributions are open; thus, you can get all of them, identify the one you are comfortable with, and learn to use it inside and out. Then, double-check the results using the tools from a different distribution (Britz, 2012). Lastly, learn how the tools function, so that you are aware of what is happening. Once you are there, it hardly matters which toolset you used, as long as you use it appropriately. But the advantages of DEFT surpass those of CAINE, so always go for the more valuable one.
Conclusion
If any of these toolsets is to grow and become a valued part of the forensic community, you should think about contributing your skills, expertise or time to these projects. Any developer will tell you how essential feedback is to the development process. You should get in touch with the various developers and let them know how they are doing.
References
Ball, T., & Rajamani, S. K. (2011). The SLAM Toolkit. Computer Aided Confirmation Lecture Notes in Computer Science, 260-264. Retrieved May 18, 2015.
Britz, M. (2012). Computer forensics and cyber crime: An introduction. Upper Saddle River, NJ: Pearson Prentice Hall.
Beck, S., & Kopp, G. R. (2014). A new digital human environment and evaluation of vehicle interior design. Computer-Aided Design, 39(7), 548-558. Retrieved July 23, 2015.
Foulk, P., & Mason, R. (2013). A design environment for digital hardware. Computer-Aided Design, 12(2), 88. Retrieved June 25, 2016.
Gladstone, J. (2015). Policy News - Policy History - Final News Database. Retrieved February 20, 2016, from http://www.infopig.com/keywords/Policy/08-23-2008-193201.html
Hagar, J. (2011). Lessons learned from the incorporation of commercial computer aided software engineering tools in a flight critical software test environment. 15th DASC. AIAA/IEEE Digital Avionics Systems Conference. Retrieved February 5, 2016.
Wilkinson, K. (2010). Computer forensics: Computer surveillance, mobile device forensics, drive savers, anti-computer forensics. Memphis, TN: Books LLC.
Appendixes
Figure 1: CAINE startup screen under Windows (Wilkinson, 2010, p. 236)
Figure 2: CAINE's Linux desktop and menu (Ball et al., 2011, p. 78).
Figure 3: The CAINE interface (Foulk et al., 2013, p. 157)
Figure 4: DEFT Linux's desktop (Britz, 2012, p. 182)