CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

The New Acunetix V12 Engine


CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • a semi-automated compilation of the final report

New Features/Tools

  • New NAUTILUS SCripts
  • ataraw
  • bloom
  • fiwalk
  • xnview
  • NOMODESET in starting menu
  • xmount
  • sshfs
  • Reporting by Caine Interface fixed
  • xmount-gui
  • nbtempo
  • fileinfo
  • TSK_Gui
  • Raid utils e bridge utils
  • SMBFS
  • BBT.py
  • Widows Side:
  • Wintaylor updated & upgraded

“rbfstab” is a utility that is activated during boot or when a device is plugged. It writes read-only entries to /etc/fstab so devices are safely mounted for forensic imaging/examination. It is self installing with ‘rbfstab -i’ and can be disabled with ‘rbfstab -r’. It contains many improvements over past rebuildfstab incarnations. Rebuildfstab is a traditional means for read-only mounting in forensics-orient distributions.

“mounter” is a GUI mounting tool that sits in the system tray. Left clicking the system tray drive icon activates a window where the user can select devices to mount or un-mount. With rbfstab activated, all devices, except those with volume label “RBFSTAB”, are mounted read-only. Mounting of block devices in Nautilus (file browser) is not possible for a normal user with rbfstab activated making mounter a consistent interface for users.

You can download CAINE 2.5/Supernova here:

caine2.5.iso

Or read more here.

Posted in: Forensics, Hacking Tools, Linux Hacking

, , , , , ,


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.


One Response to CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

  1. Bogwitch October 14, 2011 at 11:07 pm #

    Looks quite promising.
    the use of a software write blocker is an improvement over many forensic investigation distros I’ve seen but I would be reluctant to do any processing that may end up as court evidence without a hardware write blocker!
    Very disappointingly, there does not appear (from the developers site) to be any facility to create disk images to analyse, relying on the evidential media instead – a dangerous strategy! Also, there does not seem to be a case management tool.
    Finally, I do like the idea of automated reports, even semi-automated. I hate writing reports and forensic reports are as dry as they come.
    I think this distro would be useful for ‘on the spot’ forensics, initial investigation type of thing. I guess i’ll have to give it a test in it’s installed state to see what it’s true capabilities are.