CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD


CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • a semi-automated compilation of the final report

New Features/Tools

  • New NAUTILUS SCripts
  • ataraw
  • bloom
  • fiwalk
  • xnview
  • NOMODESET in starting menu
  • xmount
  • sshfs
  • Reporting by Caine Interface fixed
  • xmount-gui
  • nbtempo
  • fileinfo
  • TSK_Gui
  • Raid utils e bridge utils
  • SMBFS
  • BBT.py
  • Widows Side:
  • Wintaylor updated & upgraded

“rbfstab” is a utility that is activated during boot or when a device is plugged. It writes read-only entries to /etc/fstab so devices are safely mounted for forensic imaging/examination. It is self installing with ‘rbfstab -i’ and can be disabled with ‘rbfstab -r’. It contains many improvements over past rebuildfstab incarnations. Rebuildfstab is a traditional means for read-only mounting in forensics-orient distributions.

“mounter” is a GUI mounting tool that sits in the system tray. Left clicking the system tray drive icon activates a window where the user can select devices to mount or un-mount. With rbfstab activated, all devices, except those with volume label “RBFSTAB”, are mounted read-only. Mounting of block devices in Nautilus (file browser) is not possible for a normal user with rbfstab activated making mounter a consistent interface for users.

You can download CAINE 2.5/Supernova here:

caine2.5.iso

Or read more here.

Posted in: Forensics, Hacking Tools, Linux Hacking

, , , , , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


One Response to CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

  1. Bogwitch October 14, 2011 at 11:07 pm #

    Looks quite promising.
    the use of a software write blocker is an improvement over many forensic investigation distros I’ve seen but I would be reluctant to do any processing that may end up as court evidence without a hardware write blocker!
    Very disappointingly, there does not appear (from the developers site) to be any facility to create disk images to analyse, relying on the evidential media instead – a dangerous strategy! Also, there does not seem to be a case management tool.
    Finally, I do like the idea of automated reports, even semi-automated. I hate writing reports and forensic reports are as dry as they come.
    I think this distro would be useful for ‘on the spot’ forensics, initial investigation type of thing. I guess i’ll have to give it a test in it’s installed state to see what it’s true capabilities are.