Introduction
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. It’s a professional open source forensic platform that integrates software tools as modules along with powerful scripts in a graphical interface environment. To grab CAINE, visit the CAINE Live download page.
CAINE: GNU/Linux Live Distribution for Digital Forensics, Windows Forensics & Incident Response
CAINE Linux is an open-source digital forensics platform that provides all the tools required to perform the digital forensic investigation process. It also comes bundled with an impressive and wide range of digital forensics tools that are valuable for digital forensics professionals. It can be used by law enforcement, military and corporate examiners to investigate what happened on a computer.
CAINE offers you:
- an interoperable environment that supports the digital investigator during the four phases of the digital investigation
- user-friendly tools (wide range of tools for digital forensics operations)
- a user-friendly graphical interface
Some of the Tools:
CAINE provides software tools that support database, memory, forensic and network analysis. Examination of Linux, Microsoft Windows and some Unix platforms is built-in. CAINE also has a set of Windows IR/Live forensics tools.
- The Sleuth Kit
- Autopsy
- WinAudit
- PhotoRec
- RegRipper
- Tinfoleak
- Fsstat
- MWSnap
- Wireshark
- Arsenal Image Mounter
- FTK Imager
- Hex Editor
- JpegView
- NTFS Journal viewer
- QuickHash
- NBTempoW
- USB Write Protector
- Windows File Analyzer
To see the full list of available tools, visit the CAINE Live tools page.
Requirements:
CAINE is based on Ubuntu 18.04 64-bit, using Linux kernel 4.15.0-38. You can download the CAINE distro as a hybrid Live DVD ISO image that contains software packages optimized only for 64-bit (x86_64/amd64) hardware platforms. The ISO image can be written to a blank DVD disc or to a USB flash drive of 4GB+ capacity, which allows you to boot the OS from the BIOS.
Install
/dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on CAINE’s Desktop. This new write-blocking method assures all disks are really preserved from accidental write operations, because they are locked in Read-Only mode. If you need to write to a disk, you can unlock it with BlockOn/Off or by using “Mounter” to change the policy to writable mode.
Ubiquity is the installer, although on old BIOS-based computers you need to run BootRepair after Ubiquity finishes. You can install it on a pendrive (USB 4GB+). Download the CAINE ISO Image.
After installation, you need to edit /usr/sbin/rbfstab:
- change swapoff -a to swapon -a
- change the row swap) OPTIONS=ro,noauto ;; to swap) OPTIONS=rw,auto ;;
- and reboot
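The two edits above can be applied and checked with a small shell function. This is an added example, not part of CAINE or of the original page: only the two quoted lines come from the steps above, while the function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not CAINE's own code). Only the two quoted rbfstab lines come
# from the page; function names and the sample file are constructed.

# Write a constructed rbfstab-like fragment for trying the patch safely.
write_sample() {
    cat > "$1" <<'EOF'
swapoff -a
case "$FSTYPE" in
    ntfs) OPTIONS=ro,noauto ;;
    swap)  OPTIONS=ro,noauto ;;
esac
EOF
}

# patch_rbfstab FILE: apply both edits in place, keep FILE.orig.
# Returns 0 if both edited lines are present afterwards, 1 if not, 2 on I/O error.
patch_rbfstab() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    # Back up once only, so a second run never overwrites the true original.
    [ -e "$f.orig" ] || cp -p "$f" "$f.orig" || return 2
    tmp=$(mktemp) || return 2
    sed -e 's/swapoff -a/swapon -a/g' \
        -e 's/swap)[[:space:]]*OPTIONS=ro,noauto[[:space:]]*;;/swap) OPTIONS=rw,auto ;;/' \
        "$f" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Overwrite via cat so the file keeps its mode and ownership.
    cat "$tmp" > "$f" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    # Verify: new lines present, old ones gone.
    grep -q 'swapon -a' "$f" || return 1
    grep -q 'swap) OPTIONS=rw,auto ;;' "$f" || return 1
    if grep -q 'swapoff -a' "$f" ||
       grep -q 'swap)[[:space:]]*OPTIONS=ro,noauto' "$f"; then
        return 1
    fi
    return 0
}

# Usage: sh patch_rbfstab.sh /usr/sbin/rbfstab   (as root, after installation)
if [ -n "${1:-}" ]; then
    patch_rbfstab "$1"
fi
```

Rows for other filesystem types are left untouched, so only swap becomes writable and auto-mounted; the .orig copy lets you diff or restore the file before rebooting.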
For manual installation and detailed guide, visit CAINE installation guide.