Windows side for Caine 6.0 and 5.0: Win-Ufo


CAINE is now partnered with WIN-UFO. Thank to Emory Mullis and Scott White for having developed this very good tool for the Live computer forensics, it is Win-Ufo
Since Caine 5.0 it will be onboard in the Caine's Windows Side, I'm happy to have this collaboration, because I think that Win-Ufo is a complete software to manage the Live analysis and reporting of all the operations made. Click here to download WIN-UFO
A minor fix update for Win-UFO v5.0
When Win-UFO isn't ran as an admin, it displays a notice telling you how to run it as an admin. In the notice, it says Win-UFO will attempt to open the location where it resides. However, this attempt always failed. This issue has been fixed.
You can get the update at our web site: CLICK HERE

NirLauncher by NirSoft new Windows Side of Caine!

NirLauncher by Nirsoft - DOWNLOAD HERE
It includes Sysinternals suite, FTK Imager, Piriform tools and many others...


WINTAYLOR 2.5.1 is out!

For running SYSTEM INFO button of Wintaylor 2.5.1 you have to rename /programs/tools/msix.exe in msi.exe.



It's simpler than Wintaylor 1.5, easy to use and I developed the Nirsoft Mega Report an useful utility that uses many Nirsoft tools and generates an HTML report. Wintaylor 2.0 is designed for reaching the maximum compatibility and for the live analysis and Incident Response on MS Windows Systems.
Do not put Wintaylor 2.1 in a directory named with spaces included!
Rename the file /Programs/tools/nirsoft/MNR.bat in nmr.bat (fixed 29-Sep-2010)

Nanni Bassetti - Project Manager
WARNING!!!: Many Firewalls and AntiViruses could give a fake alert message!



WinTaylor is the new forensic interface built for Windows and included in CAINE Live CD. It is written in Visual Basic 6 to maximize compatibility with older Windows systems, and provides an internal set of well-known forensic programs.

WinTaylor proposes a simple and complete forensic software integration and inherits the design philosophy of CAINE.
To ensure transparency of the operations performed by WinTaylor during its execution, we have made available the source code of the program, that is licensed under the Lesser GPL License 2.1. The code is visible and editable, for the benefit of developers and to preserve the good standards of open source forensic software.
The interface is structured in the familiar CAINE’s tabs style, and implements the well-known reporting system to record the investigative sessions.


  • Report creation tool, that saves in a plain and portable text file the list of used programs with time-stamps .
  • Tabbed structure that gives a logical schema to the investigation process.
  • Command-line tools that print their output inside WinTaylor.
  • Updated Sysinternals tools
  • Versatile hashing tool
  • Snapshot tool

Analysis 1

Analysis 2

Analysis 3

Sysinternals (GUI and Terminal)