banner
News

Caine 9.0 Quantum 64bit released! CAINE 9.0 Quantum released 30/10/2017

CHANGELOG CAINE 9.0 "Blazar"



RegRipper, VolDiff, SafeCopy, PFF tools, pslistutil, mouseemu, NBTempoX,Osint: Infoga, The Harvester, Tinfoleak regfmount and libregf-utils installed.
many and many scripts and programs....
SSH server disabled by default (see Manual page for enabling it).
Autopsy 2.24 fixed - srch_strings changed with "GNU strings" renamed in srch_strings.
many others fixing and software updating.

Windows Side:

Windows Side with for Incident Response/Live Analysis on Windows systems.
Tools: Nirsoft suite + launcher, WinAudit, MWSnap, Arsenal Image Mounter, FTK Imager, Hex Editor, JpegView, Network tools, NTFS Journal viewer, Photorec & TestDisk, QuickHash, NBTempoW, USB Write Protector, VLC, Windows File Analyzer.

dark matter

Caine 8.0 Blazar 64bit released! CAINE 8.0 Blazar released 30/10/2016

CHANGELOG CAINE 8.0 "Blazar"


ADDED/CHANGED in CAINE 8.0:

The important news is CAINE 8.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on Caine's Desktop.
This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.
If you need to write a disk, you can unlock it with BlockOn/Off or using "Mounter" changing the policy in writable mode.


IMG_MAP (image dd/raw and ewf mounter)
XAll 1.5
RecuperaBit
SQLParse
PEFrame
Yara
PDF analysis
MemDump
ADB and LibMobileDevice
Gigolo (network filesystem client)
Shrew (VPN manager)
wxHexEditor
Jeex
XRCed
PffLib
imount, vhdimount and vhdiinfo
samba
vblade
iscsitarget
hashdb
trim disabled
Tilda
many and many scripts and programs....


dark matter

Caine 7.0 DeepSpace 64bit released! CAINE 7.0 Deepspace released 06/11/2015

CHANGELOG CAINE 7.0 "DeepSpace"


ADDED/CHANGED in CAINE 7.0:

The important news is CAINE 7.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on Caine's Desktop.
This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.
If you need to write a disk, you can unlock it with BlockOn/Off or using "Mounter" changing the policy in writable mode.


fixed FMOUNT
XAll
BTCScan (Bitcoin scanner)
dmraid
okteta
x11vnc server
gvncviewer
ssh
openssh
wput
unBlock (block in RO/RW block devices)
mount-nfs
scalpel 2.1
new peframe
damm
find_times
parse_VSS_RFC
4n6 scripts updated
quickhash updated
bleachbit
usnj
vshot
zulucrypt
ddrescue-gui
ddrescueView
dd utility
iloot
python_regparse
libmobiledevice
ifuse
ddrescueview
INDEXparse.py, Shellbags.py, evtxexport.py, extxinfo.py
NFS client.


dark matter

Caine 6.0 Dark Matter 64bit released! CAINE 6.0 Dark Matter released 06/10/2014

CHANGELOG CAINE 6.0 "Dark Matter"


Kernel 3.13.0-36
fixed password request in polkit
fixed password request in textmode e tty
Bash bug fixed shellshock
mount policy always in ro and loop mode
fstrim disabled (enabled uncommenting the row in /etc/cron.weekly/fstrim)
autopsy patched by Maxim Suhanov
Many others tools and GUI.

dark matter

Caine 5.0 Blackhole 64bit released! CAINE 5.0 Blackhole released 17/01/2014

CHANGELOG CAINE 5.0 "Blackhole"

Kernel 3.8.0-35
Based on Ubuntu 12.04.3 64BIT - UEFI/SECURE BOOT Ready!

Caine 5.0 on pendrive can boot on Uefi/Uefi+secure boot/Legacy Bios/Bios.
Caine 5.0 on DVD can boot on Legacy Bios/Bios.

SystemBack is the new installer.

Caine has a new logo, thanks to Mr. Nino Salvati.

pulsar

Caine LittleStar 64bit released! CAINE LittleStar 2.0 released 30/10/2013

Changelog:
resolv.conf fixed
boot-repair and grub-customizer added
Broadcom Corporation BCM4313 wireless card drivers added

pulsar

Caine 4.0 and NBCaine 4.0 codename "Pulsar" are out!

pulsar

NBCaine 3.0 codename "Quasar" is out!

quasar

Caine 3.0 codename "Quasar" is out!

quasar

Caine 3.0 codename "Quasar" is cooking!

quasar

Caine 2.5.1 codename "Supernova" is out!

newlight

Caine 2.5 codename "Supernova" is out!

newlight

Caine 2.5 codename "Supernova" is cooking

newlight

We are working on it! It will be an improvement of Caine 2.0 ;)

Caine 2.0 inside Katana multi boot suite

newlight

Thanks to Mr. Ronin and Carlos Luna now Caine is inside Katana, great work! http://www.hackfromacave.com/katana.html

Caine-From-Deb

newlight

Thanks to Luigi Piciocchi, now it's available a DEB package for installing many useful tools directly on a installed Ubuntu 10.04 OS.

CAINE 2.0 and NBCaine 2.0 are out

newlight

Hi all! Caine 2.0 is online now...it's all updated, all the newest patches are there, take a tour on Caine website !

CAINE 1.5 (code name "Shining") is ONLINE

shining

Hi all! Caine 1.5 (Shining) is online! You can see the changelog in the home page. We added and updated many tools, fixed many things....Caine 1.5 more friendly than before!

CAINE 1.5 (code name "Shining") is coming!

547923725_d34c27b9e8

Hi all! Caine 1.5 (Shining) is coming! We are working for the release 1.5, that will fix many features and it will update many tools and the kernel. We are following the friendness and usability. Linux for all!

CAINE 1.0 is online!

547923725_d34c27b9e8

Hi all! Caine 1.0 and NBCaine 1.0 are online now! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team.
I applied 3 patches: one for this BUG, one for the mount policies, those are safer and future proof, and one for the partitions numbering...
Welcome to Maxim Suhanov, (AKA "forensics" in our forum), in our team!

Stay Tuned!

547923725_d34c27b9e8

Hi all! Soon Caine 1.0 and NBCaine 1.0 will be online! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team.
I applied 3 patches: one for this BUG, one for the mount policies those are safer and future proof ;-) and one for the partitions numbering...Stay tuned few days to the launch!
Many thanks to Maxim Suhanov AKA "forensics" in our forum, for the patches and the help.

We are back!

547923725_d34c27b9e8

I apologize for the wait, but work and other business have kept me from completely devote to CAINE. I am back to work, and now in my spare time I'm updating the software and all the forensic products; in few months the 1.0 will be available for download as promised.

Thank you everybody for your support!

CAINE on Distrowatch

Immagine 2


We are finally on
Distrowatch!
Check our distro
here.

We are currently working on
CAINE 1.0, stay tuned!

CAINE reviewed

270550002_d4dfa03726_b

DIY Forensics & Incident Response Lab - link
“Regarding forensic software, so much is already out there, both free and commercial. If you're just getting started, take a look at Harlan's list and try out the Caine forensic and IR LiveCD, which contains all you need to get your feet wet. IT shops that have already purchased forensic packages, like FTK and Encase, can easily install it in the lab at no additional cost provided they use their existing licensing dongle when not in use for an actual case.”

John H. Sawyer, senior security engineer on the IT Security Team at the University of Florida.


Windows FE “Live CD” Posts Followup - link
“Curiously, and not noted in the test, was the fact that I tried local installation of Helix, RAPTOR, and DEFT forensic Linux builds on the test system’s hard drive. All three balked during the drive preparation process, despite my successful manual creation of the ext3 and swap partitions manually in their installers. Only the CAINE Live CD allowed me to install itself locally with no issues or complaints.”

From Claus Valca blog.


Applied Information Security book (future publication)
CAINE is a distribution focused on IT Forensics. It is a good learning environment for beginning users. CAINE has intuitive interfaces, a variety of functionality, and good reporting/documentation tools. Most IT Forensics suites are quite expensive and require a fair amount of training. A free tool like CAINE that has good collection, analysis, and reporting tools is invaluable for someone just starting out in the field.”

Dr. Randall Boyle, professor at the University of Utah.



CAINE ISO has reached 1500 downloads, and the new entry NBCAINE is currently at 120 downloads!

CAINE and Helix

helix
From “Security Viewpoints” by Derrick Webber:

“Oh no! Helix, the most popular compilation of forensics software on a bootable CD became payware only in February 2009. Now a $15/month subscription is required.
Previously, anyone could download and use the ISO for free, which lead to wide adoption… for example, the SANS forensic course uses it, and it was the tool of choice at a Canadian lead security agency where I used it to examine compromised workstations.

The best alternative right now seems to be the relatively new Live CD CAINE.

If your only goal is to obtain a valid disk image, Raptor from Forward Discovery is still free. There are also multiple other live CDs that include The Sleuth Kit and other collections of forensic tools. [...]”

We also report that CAINE iso has been downloaded 1000 times!

750 downloads of the ISO!

provacaine

CAINE iso has been downloaded 750 times! Thank you!

Here (in italian) an interview that Giancarlo Giustini gave to the italian blogger Dario Vignali.

Defcon 17 and CAINE

normal_Las Vegas, Nevada

Joe Cicero wrote me this e-mail today:

Giancarlo,
I've been teaching Incident Response, E-discovery, and Computer Forensics for approximately 5 years at the technical college level. I used other open source tools and utilities before CAINE but none of them worked as well "out of the box". I am a regular user of the forum and I get quick responses to my e-mails and postings when contacting the CAINE team. If you are interested in learning, teaching or conducting computer forensics and you want to spend less time configuring and more time analyzing CAINE is for you.

Joe Cicero will mention the use of CAINE in his discussion at
Defcon 17, (July 31st - August 2nd, 2009 at the Riviera Hotel and Casino in Las Vegas, Nevada).

Thank you Joe!

Joe Cicero is currently a Network Specialist Instructor for Northeast Wisconsin Technical College, he specializes in teaching Linux, Network Security, and Computer Forensics Courses. He is originally from Green Bay and in 1985 he joined the Marines. His final duty assignment was as the Operations Chief for Tactical Warfare Simulations Evaluations Analyses Systems (TWSEAS) where he traveled the world conducting training through use of computer simulations.
Last year, for Defcon 16, he had submitted a white paper entitled "Forensic And Recovery Techniques used while Data mining Institutions for Education".
Here is the link of the Defcon 16 speakers.

Talking about... CAINE!

sunset
Sunset @ Ciudad de Mexico by Esparta (modded by GIanchi) - CC


http://vulnerabilityteam.wordpress.com/2009/02/26/nueva-version-del-caine-livecd-para-informatica-forense/
http://raulespinola.wordpress.com/2009/02/28/caine-gnulinux-livecd-para-informatica-forense/
http://meneame.net/story/caine-livecd-gnulinux-para-informatica-forense
http://busquiel.sociallinux.org/2009/02/27/
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/action,printpage/topic,3643.0/
https://lists.ubuntu.com/archives/ubuntu-it/2008-October/034680.html
http://www.comunidade-linuxnarede.eti.br/modules/news/article.php?storyid=798

5 days of 0.5

438296669_a6096f5a20_b-1
Orange Line @ eTech 2007 by eschipul (CC)

CAINE 0.5 iso has been downloaded 250 times in only 5 days, and the site has sustained a really huge amount of requests this week, with a peak never seen before!
Thank you for choosing us!

Jaime Andrés Restrepo, a Computer Security Researcher, has just translated the report template in Spanish, and we will include the new template in the future version of CAINE.
If you wish to participate by providing the translation of the report in your language or if you have found a translation mistake,
please contact the CAINE team.

I also suggest to take a look to our forum here, if you want to contribute or find some important informations and many guides provided directly by the users of CAINE.

A lot of digital security and computer forensics web sites are talking about our brand new version:
http://www.secuobs.com/revue/news/65495.shtml
http://forcomp.blogspot.com/2009/02/caine-05.html
http://www.security-database.com/toolswatch/CAINE-Computer-Aided-INvestigative.html
http://seguridad-informacion.blogspot.com/2009/02/caine-05-released.html
http://webnoticiero.blogspot.com/2009/02/nueva-version-del-caine-livecd-para.html
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&p=6526339
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3643.msg16917/topicseen,1/

CAINE in the world

collage

A mix of international web sites talking Manual and Policies Live CD.
Thanks to Benedetto Colangelo and Nanni Bassetti that went beyond the edges of a simple “google search”!

PSX Installer

PSX Installer 1.3 by Denis Frati added to the Downloads section.

Manual and Policies

CAINE and the blogosphere (updated).

Bootable CD-ROM and Virtual Machine toolkits (ENG)
NebraskaCERTCSF - Free Forensic Tools (ENG)
CAINE - A digital forensic project on Live CD (ENG)
Recuperar ficheros borrados desde Ubuntu Linux (SPA)
CAINE, LiveCD GNU/Linux para Informática Forense (SPA)
Novos Live CDs (SPA)
CAINE, um LiveCD para informática forense (PORTO)
CAINE, LiveCD GNU/Linux para Informática Forense (SPA)
CAINE, LiveCD GNU/Linux (SPA)
Computer Aided INvestigative Environment (CAINE) y Buenas Prácticas (SPA)
http://www.secorvo.de/security-news/secorvo-ssn0812.pdf (GER)
CAINE, LiveCD GNU/Linux para Informática Forense (SPA)

Master with CAINE

CAINE has been chosen as lead distribution in the post-graduate Master of Digital Forensics by Studiodelta (see Project area).