banner
CAINE 6.0 Dark Matter 64bit released!
CAINE Dark Matter 6.0 released 06/10/2014

CHANGELOG CAINE 6.0 "Dark Matter"


fixed password request in polkit
fixed password request in textmode e tty
Bash bug fixed shellshock
mount policy always in ro and loop mode
fstrim disabled (enabled uncommenting the row in /etc/cron.weekly/fstrim)
autopsy patched by Maxim Suhanov
Many others tools and GUI.

dark matter

CAINE 5.0 Blackhole 64bit released!
CAINE Blackhole 5.0 released 17/01/2014

CHANGELOG CAINE 5.0 "Blackhole"

Kernel 3.8.0-35
Based on Ubuntu 12.04.3 64BIT - UEFI/SECURE BOOT Ready!

Caine 5.0 on pendrive can boot on Uefi/Uefi+secure boot/Legacy Bios/Bios.
Caine 5.0 on DVD can boot on Legacy Bios/Bios.

SystemBack is the new installer.

Caine has a new logo, thanks to Mr. Nino Salvati.

blackhole

CAINE LittleStar 64bit released!
CAINE LittleStar 2.0 released 30/10/2013
Changelog:
resolv.conf fixed
boot-repair and grub-customizer added
Broadcom Corporation BCM4313 wireless card drivers added
CAINE LittleStar is a parallel project to the official CAINE distro, it is a lighter version of CAINE based on Ubuntu 13.04 64 BIT, only to have a CAINE 64 bit version.
It can be useful for installing on 64 bit machines and it is taylored expecially for the acquisition (forensic copy) of devices. Download HERE

littlestar

CAINE 4.0 and NBCaine 4.0 codename "Pulsar" released!

pulsar

CAINE 4.0 codename "Pulsar" is cooking.

pulsar

NBCaine 3.0 codename "Quasar" is out! TSK 4.0.1 onboard! and new Kernel.


Caine 3.0 codename "Quasar" is out!

quasar

Caine 3.0 codename "Quasar" is cooking!

quasar

Caine 2.5.1 codename "Supernova" is out!

Caine 2.5.1 fixs some little things and update some tools...se the CHANGELOG

Caine 2.5 codename "Supernova" is out!

newlight

Caine 2.5 codename "Supernova" is cooking!

newlight

We are working on it! It will be an improvement of Caine 2.0 ;)

Caine 2.0 inside Katana multi boot suite

newlight

Thanks to Mr. Ronin and Carlos Luna now Caine is inside Katana, great work! http://www.hackfromacave.com/katana.html

CAINE-FROM-DEB

newlight

Thanks to Luigi Piciocchi, now it's available a DEB package for installing many useful tools directly on a installed Ubuntu 10.04 OS. http://www.caine-live.net/page5/page5.html

CAINE 2.0 (code name "NewLight") and NBCaine 2.0 are out!

newlight

Hi all! Caine 2.0 is online now...it's all updated, all the newest patches are there, take a tour on Caine website !

CAINE 1.5 (code name "Shining") is ONLINE

shining

Hi all! Caine 1.5 (Shining) is online! You can see the changelog in the Release page. We added and updated many tools, fixed many things....Caine 1.5 more friendly than before!

CAINE 1.5 (code name "Shining") is coming!

547923725_d34c27b9e8

Hi all! Caine 1.5 (Shining) is coming! We are working for the release 1.5, that will fix many features and it will update many tools and the kernel. We are following the friendness and usability. Linux for all!

CAINE 1.0 is online!

547923725_d34c27b9e8

Hi all! Caine 1.0 and NBCaine 1.0 are online now! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team.
I applied 3 patches: one for this BUG, one for the mount policies, those are safer and future proof, and one for the partitions numbering...
Welcome to Maxim Suhanov, (AKA "forensics" in our forum), in our team!

Stay Tuned!

547923725_d34c27b9e8

Hi all! Soon Caine 1.0 and NBCaine 1.0 will be online! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team.
I applied 3 patches: one for this BUG, one for the mount policies those are safer and future proof ;-) and one for the partitions numbering...Stay tuned few days to the launch!
Many thanks to Maxim Suhanov AKA "forensics" in our forum, for the patches and the help.

We are back!

547923725_d34c27b9e8

I apologize for the wait, but work and other business have kept me from completely devote to CAINE. I am back to work, and now in my spare time I'm updating the software and all the forensic products; in few months the 1.0 will be available for download as promised.

Thank you everybody for your support!

TomTom analysis with CAINE (English)

TomTom-ONE-XL
(UPDATE) We publish the English version of the forensic scenario analysis of a TomTom navigation system performed by Clara Colombini.

Clara noticed that TomTom navigation systems are not accessible with hardware write-blocker connected with the forensics workstation and MS Windows operating systems installed, so she developed and tested a methodology that would allow to acquire data stored on these devices without making any changes to them. Helix and CAINE implement the same secure mounting strategy, that mount devices with the options
ro, noexec and noatime, making the use of a write-blocker mandatory for legal issue, but not so binding as the experiment required.
The experiment is summarized into a document of twenty-four pages, in which the forensic analyst operates with the confidence to keep the evidence extracted from the TomTom valid for the court.

Here the article by Denis Frati and the PDF with the results of the experiment (ENGLISH - UPDATE!).

CAINE on Distrowatch

Immagine 2


We are finally on
Distrowatch!
Check our distro
here.

We are currently working on
CAINE 1.0, stay tuned!

TomTom analysis with CAINE (Italian)

TomTom-ONE-XL
NBCAINE is available for less than a month and it has already been used in a forensic scenario analysis of a TomTom navigation system. The analysis was performed by Clara Colombini.

Clara noticed that TomTom navigation systems are not accessible with hardware write-blocker connected with the forensics workstation and MS Windows operating systems installed, so she developed and tested a methodology that would allow to acquire data stored on these devices without making any changes to them. Helix and CAINE implement the same secure mounting strategy, that mount devices with the options
ro, noexec and noatime, making the use of a write-blocker mandatory for legal issue, but not so binding as the experiment required.
The experiment is summarized into a document of twenty-four pages, in which the forensic analyst operates with the confidence to keep the evidence extracted from the TomTom valid for the court.

Here the article by Denis Frati and the PDF with the results of the experiment (Italian).

CAINE reviewed

270550002_d4dfa03726_b

DIY Forensics & Incident Response Lab - link
“Regarding forensic software, so much is already out there, both free and commercial. If you're just getting started, take a look at Harlan's list and try out the Caine forensic and IR LiveCD, which contains all you need to get your feet wet. IT shops that have already purchased forensic packages, like FTK and Encase, can easily install it in the lab at no additional cost provided they use their existing licensing dongle when not in use for an actual case.”

John H. Sawyer, senior security engineer on the IT Security Team at the University of Florida.


Windows FE “Live CD” Posts Followup - link
“Curiously, and not noted in the test, was the fact that I tried local installation of Helix, RAPTOR, and DEFT forensic Linux builds on the test system’s hard drive. All three balked during the drive preparation process, despite my successful manual creation of the ext3 and swap partitions manually in their installers. Only the CAINE Live CD allowed me to install itself locally with no issues or complaints.”

From Claus Valca blog.


Applied Information Security book (future publication)
CAINE is a distribution focused on IT Forensics. It is a good learning environment for beginning users. CAINE has intuitive interfaces, a variety of functionality, and good reporting/documentation tools. Most IT Forensics suites are quite expensive and require a fair amount of training. A free tool like CAINE that has good collection, analysis, and reporting tools is invaluable for someone just starting out in the field.”

Dr. Randall Boyle, professor at the University of Utah.



CAINE ISO has reached 1500 downloads, and the new entry NBCAINE is currently at 120 downloads!

CAINE and Helix

helix
From “Security Viewpoints” by Derrick Webber:

“Oh no! Helix, the most popular compilation of forensics software on a bootable CD became payware only in February 2009. Now a $15/month subscription is required.
Previously, anyone could download and use the ISO for free, which lead to wide adoption… for example, the SANS forensic course uses it, and it was the tool of choice at a Canadian lead security agency where I used it to examine compromised workstations.

The best alternative right now seems to be the relatively new Live CD CAINE.

If your only goal is to obtain a valid disk image, Raptor from Forward Discovery is still free. There are also multiple other live CDs that include The Sleuth Kit and other collections of forensic tools. [...]”

We also report that CAINE iso has been downloaded 1000 times!

750 downloads of the ISO!

provacaine

CAINE iso has been downloaded 750 times! Thank you!

Here (in italian) an interview that Giancarlo Giustini gave to the italian blogger Dario Vignali.

Defcon 17 and CAINE

normal_Las Vegas, Nevada

Joe Cicero wrote me this e-mail today:

Giancarlo,
I've been teaching Incident Response, E-discovery, and Computer Forensics for approximately 5 years at the technical college level. I used other open source tools and utilities before CAINE but none of them worked as well "out of the box". I am a regular user of the forum and I get quick responses to my e-mails and postings when contacting the CAINE team. If you are interested in learning, teaching or conducting computer forensics and you want to spend less time configuring and more time analyzing CAINE is for you.

Joe Cicero will mention the use of CAINE in his discussion at
Defcon 17, (July 31st - August 2nd, 2009 at the Riviera Hotel and Casino in Las Vegas, Nevada).

Thank you Joe!

Joe Cicero is currently a Network Specialist Instructor for Northeast Wisconsin Technical College, he specializes in teaching Linux, Network Security, and Computer Forensics Courses. He is originally from Green Bay and in 1985 he joined the Marines. His final duty assignment was as the Operations Chief for Tactical Warfare Simulations Evaluations Analyses Systems (TWSEAS) where he traveled the world conducting training through use of computer simulations.
Last year, for Defcon 16, he had submitted a white paper entitled "Forensic And Recovery Techniques used while Data mining Institutions for Education".
Here is the link of the Defcon 16 speakers.

Talking about... CAINE!

sunset
Sunset @ Ciudad de Mexico by Esparta (modded by GIanchi) - CC


http://vulnerabilityteam.wordpress.com/2009/02/26/nueva-version-del-caine-livecd-para-informatica-forense/
http://raulespinola.wordpress.com/2009/02/28/caine-gnulinux-livecd-para-informatica-forense/
http://meneame.net/story/caine-livecd-gnulinux-para-informatica-forense
http://busquiel.sociallinux.org/2009/02/27/
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/action,printpage/topic,3643.0/
https://lists.ubuntu.com/archives/ubuntu-it/2008-October/034680.html
http://www.comunidade-linuxnarede.eti.br/modules/news/article.php?storyid=798

5 days of 0.5

438296669_a6096f5a20_b-1
Orange Line @ eTech 2007 by eschipul (CC)

CAINE 0.5 iso has been downloaded 250 times in only 5 days, and the site has sustained a really huge amount of requests this week, with a peak never seen before!
Thank you for choosing us!

Jaime Andrés Restrepo, a Computer Security Researcher, has just translated the report template in Spanish, and we will include the new template in the future version of CAINE.
If you wish to participate by providing the translation of the report in your language or if you have found a translation mistake,
please contact the CAINE team.

I also suggest to take a look to our forum here, if you want to contribute or find some important informations and many guides provided directly by the users of CAINE.

A lot of digital security and computer forensics web sites are talking about our brand new version:
http://www.secuobs.com/revue/news/65495.shtml
http://forcomp.blogspot.com/2009/02/caine-05.html
http://www.security-database.com/toolswatch/CAINE-Computer-Aided-INvestigative.html
http://seguridad-informacion.blogspot.com/2009/02/caine-05-released.html
http://webnoticiero.blogspot.com/2009/02/nueva-version-del-caine-livecd-para.html
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&p=6526339
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3643.msg16917/topicseen,1/

CAINE in the world

collage

A mix of international web sites talking Manual and Policies Live CD.
Thanks to Benedetto Colangelo and Nanni Bassetti that went beyond the edges of a simple “google search”!

CAINE 0.5 released!

caine05b

Main features:
- WinTaylor, forensic frontend for Windows environment
- Html page IE-compatible to run the forensic tools in Windows
- Ntfs-3g updated to 2009.1.1 (resolve a ntfs-3g bug)
- New boot option: text mode.
- Ubuntu 8.04 packages updated
- Firefox 3.0.6
- Gtkhash, frontend for hashing files
- New reporting features: investigators and case name added
- Multi-language report: italian, english, german, french and portuguese
- Firefox starts with the list of tools and a brief utilization manual.

PSX Installer

PSX Installer 1.3 by Denis Frati added to the Downloads section.