GNU/Linux Digital Forensics Distro – CAINE

CyberPunk Digital Forensics
GNU/Linux Digital Forensics Distro – CAINE

Introduction

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. It’s a professional open source forensic platform that integrates software tools as modules along with powerful scripts in a graphical interface environment. To grab CAINE visit Caine Live download page.

CAINE Banner

CAINE: GNU/Linux Live Distribution for Digital Forensics, Windows Forensics & Incident Response

CAINE Linux is an open-source digital forensics platform that provides all the tools required to perform the digital forensic investigate process. It also comes bundled with some impressive and wide range digital forensics tools, that are precious for digital forensics professionals. It can be used by law enforcement, military and corporate examiners to investigate what happened on a computer.

CAINE represents fully the spirit of the Open Source philosophy, because the project is completely open, everyone could take on the legacy of the previous developer or project manager. The distro is open source, the Windows side is freeware and, the last but not least, the distro is installable, thus giving the opportunity to rebuild it in a new brand version, so giving a long life to this project …. (Nanni Bassetti)

CAINE offers you:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • user-friendly tools (wide range of tools for digital forensics operations)
  • a user-friendly graphical interface

CAINE Infinity 10.0

Some of the Tools:

CAINE provides software tools that support database, memory, forensic and network analysis. Examination of Linux, Microsoft Windows and some Unix platforms is built-in. CAINE also has a Windows IR/Live forensics tools.

  • The Sleuth Kit
  • Autopsy
  • WinAudit
  • PhotoRec
  • RegRipper
  • Tinfoleak
  • Fsstat
  • MWSnap
  • Wireshark
  • Arsenal Image Mounter
  • FTK Imager
  • Hex Editor
  • JpegView
  • NTFS Journal viewer
  • QuickHash
  • NBTempoW
  • USB Write Protector
  • Windows File Analyzer

To see full list of available tools, visit Caine Live tools page.

Requirements:

CAINE is based on Ubuntu 18.04 64-bit, using Linux kernel 4.15.0-38.  You can download CAINE distro as a hybrid Live DVD ISO image that contains software packages optimized only for the 64-bit (x86_64/amd64) hardware platforms. ISO image can be written on a blank DVD disc or on a USB flash drive of 4GB+ capacity, which allows you to boot the OS from the BIOS.

Install

Important:  CAINE 10.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on CAINE’s Desktop. This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode. If you need to write a disk, you can unlock it with BlockOn/Off or using “Mounter” changing the policy in writable mode.

Ubiquity is the installer, even if for old BIOS based computers, you need to run BootRepair after the end of Ubiquity. You can install it in a pendrive (USB 4gb+). Download the CAINE ISO Image.

After installation, you need to edit the /usr/sbin/rbfstab :

  1. change swapoff -a in swapon -a
  2. change the row swap) OPTIONS=ro,noauto ;; with swap) OPTIONS=rw,auto ;;
  3. and rebooot

For manual installation and detailed guide, visit CAINE installation guide.

Download Box
Data AnalysislinuxMemory AnalysisNetwork AnalysisWindows