CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

The New Acunetix V12 Engine


CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • a semi-automated compilation of the final report

New Features/Tools

  • New NAUTILUS SCripts
  • ataraw
  • bloom
  • fiwalk
  • xnview
  • NOMODESET in starting menu
  • xmount
  • sshfs
  • Reporting by Caine Interface fixed
  • xmount-gui
  • nbtempo
  • fileinfo
  • TSK_Gui
  • Raid utils e bridge utils
  • SMBFS
  • BBT.py
  • Widows Side:
  • Wintaylor updated & upgraded

“rbfstab” is a utility that is activated during boot or when a device is plugged. It writes read-only entries to /etc/fstab so devices are safely mounted for forensic imaging/examination. It is self installing with ‘rbfstab -i’ and can be disabled with ‘rbfstab -r’. It contains many improvements over past rebuildfstab incarnations. Rebuildfstab is a traditional means for read-only mounting in forensics-orient distributions.

“mounter” is a GUI mounting tool that sits in the system tray. Left clicking the system tray drive icon activates a window where the user can select devices to mount or un-mount. With rbfstab activated, all devices, except those with volume label “RBFSTAB”, are mounted read-only. Mounting of block devices in Nautilus (file browser) is not possible for a normal user with rbfstab activated making mounter a consistent interface for users.

You can download CAINE 2.5/Supernova here:

caine2.5.iso

Or read more here.

Posted in: Forensics, Hacking Tools, Linux Hacking

, , , , , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


One Response to CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

  1. Bogwitch October 14, 2011 at 11:07 pm #

    Looks quite promising.
    the use of a software write blocker is an improvement over many forensic investigation distros I’ve seen but I would be reluctant to do any processing that may end up as court evidence without a hardware write blocker!
    Very disappointingly, there does not appear (from the developers site) to be any facility to create disk images to analyse, relying on the evidential media instead – a dangerous strategy! Also, there does not seem to be a case management tool.
    Finally, I do like the idea of automated reports, even semi-automated. I hate writing reports and forensic reports are as dry as they come.
    I think this distro would be useful for ‘on the spot’ forensics, initial investigation type of thing. I guess i’ll have to give it a test in it’s installed state to see what it’s true capabilities are.