- Joined
- May 15, 2017
- Messages
- 984
- Likes
- 759
- Points
- 1,045
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti (Bari - Italy).
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
- an interoperable environment that supports the digital investigator during the four phases of the digital investigation
- a user-friendly graphical interface
- user-friendly tools
The important news is CAINE 11.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on CAINE's Desktop.
This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.
If you need to write a disk, you can unlock it with BlockOn/Off or using "Mounter" changing the policy in writable mode.
CAINE is always more fast during the boot.
CAINE 11.0 can boot to RAM (toram).
IMPORTANT CHANGES:
- All devices are blocked in Read-Only mode, by default.
- New tools, new OSINT, Autopsy 4.13 onboard, APFS ready,BTRFS forensic tool, NVME SSD drivers ready!
- SSH server disabled by default (see Manual page for enabling it).
- SCRCPY - screen your android device
- Autopsy 4.13 + additional plugins by McKinnon.
- X11VNC Server - to control CAINE remotely.
- hashcat
- NEW SCRIPTS (Forensics Tools - Analysis menu)
- AutoMacTc - a forensics tool for Mac.
- Bitlocker - volatility plugin
- Autotimeliner - Automagically extract forensic timeline from volatile memory dumps.
- Firmwalker - firmware analyzer.
- CDQR - Cold Disk Quick Response tool
- many others fixing and software updating.