14 October 2011 | 14,688 views

CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

Check For Vulnerabilities with Acunetix

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • a semi-automated compilation of the final report

New Features/Tools

  • New NAUTILUS SCripts
  • ataraw
  • bloom
  • fiwalk
  • xnview
  • NOMODESET in starting menu
  • xmount
  • sshfs
  • Reporting by Caine Interface fixed
  • xmount-gui
  • nbtempo
  • fileinfo
  • TSK_Gui
  • Raid utils e bridge utils
  • BBT.py
  • Widows Side:
  • Wintaylor updated & upgraded

“rbfstab” is a utility that is activated during boot or when a device is plugged. It writes read-only entries to /etc/fstab so devices are safely mounted for forensic imaging/examination. It is self installing with ‘rbfstab -i’ and can be disabled with ‘rbfstab -r’. It contains many improvements over past rebuildfstab incarnations. Rebuildfstab is a traditional means for read-only mounting in forensics-orient distributions.

“mounter” is a GUI mounting tool that sits in the system tray. Left clicking the system tray drive icon activates a window where the user can select devices to mount or un-mount. With rbfstab activated, all devices, except those with volume label “RBFSTAB”, are mounted read-only. Mounting of block devices in Nautilus (file browser) is not possible for a normal user with rbfstab activated making mounter a consistent interface for users.

You can download CAINE 2.5/Supernova here:


Or read more here.


Recent in Forensics:
- DAMM – Differential Analysis of Malware in Memory
- Malheur – Automatic Malware Analysis Tool
- LiME – Linux Memory Extractor

Related Posts:
- Katana v2 (y0jimb0) – Portable Multi-Boot Security Suite
- raWPacket HeX – Network Security Monitoring & Analysis LiveCD
- PlainSight – Open Source Computer Forensics LiveCD

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,134 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 32,845 views
- sslsniff v0.6 Released – SSL MITM Tool - 27,126 views

Low-cost VPS Hosting

One Response to “CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD”

  1. Bogwitch 14 October 2011 at 11:07 pm Permalink

    Looks quite promising.
    the use of a software write blocker is an improvement over many forensic investigation distros I’ve seen but I would be reluctant to do any processing that may end up as court evidence without a hardware write blocker!
    Very disappointingly, there does not appear (from the developers site) to be any facility to create disk images to analyse, relying on the evidential media instead – a dangerous strategy! Also, there does not seem to be a case management tool.
    Finally, I do like the idea of automated reports, even semi-automated. I hate writing reports and forensic reports are as dry as they come.
    I think this distro would be useful for ‘on the spot’ forensics, initial investigation type of thing. I guess i’ll have to give it a test in it’s installed state to see what it’s true capabilities are.