CAINE 13.0 WARP 64bit released!
CAINE 13.0 Warp released 16/Mar/2023


CHANGELOG CAINE 13.0 "WARP"

Kernel 5.15.0-67
Based on Ubuntu 22.04 64BIT - UEFI Ready!

CAINE 13.0 can boot on Uefi/Uefi/Legacy Bios/Bios.


If Secure Boot fails, try disabling it in the UEFI settings.

If you want to create a hybrid image, try this:
isohybrid -u caine11.0.iso


The most important change is that CAINE 13.0 sets all block devices (e.g. /dev/sda) to Read-Only mode. A GUI tool named UnBlock is available on CAINE's Desktop.
This new write-blocking method ensures that all disks are protected from accidental write operations, because they are locked in Read-Only mode.
If you need to write to a disk, you can unlock it with UnBlock, or use "Mounter" to change the policy to writable mode.
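
A way to confirm the read-only policy described above before touching evidence, as an added example (not part of CAINE or its UnBlock tool): the script reads the per-device read-only attribute that the kernel exposes in sysfs. The function names and the optional sysfs-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the kernel read-only flag of every block device
# before an acquisition. Function names and the optional sysfs-root
# argument are assumptions of this example, not CAINE code.

# list_writable_devices [sysfs_root]
# Prints one name per line for every disk or partition whose "ro" flag is 0.
list_writable_devices() {
    root="${1:-/sys/block}"
    for dev in "$root"/*; do
        [ -r "$dev/ro" ] || continue
        name=$(basename "$dev")
        if [ "$(cat "$dev/ro")" = "0" ]; then
            echo "$name"
        fi
        # Partitions are subdirectories (sda1, nvme0n1p1) with their own
        # ro attribute; check each one as well.
        for part in "$dev/$name"*; do
            [ -r "$part/ro" ] || continue
            if [ "$(cat "$part/ro")" = "0" ]; then
                basename "$part"
            fi
        done
    done
    return 0
}

# audit_write_block [sysfs_root]
# Returns 0 when everything is read-only, 1 (and names the devices) otherwise.
audit_write_block() {
    writable=$(list_writable_devices "${1:-}")
    if [ -n "$writable" ]; then
        echo "NOT write-blocked:" $writable
        return 1
    fi
    echo "all block devices are read-only"
    return 0
}

# On a live system: audit_write_block || echo "stop: check the UnBlock/Mounter policy"
```

For a single device, `blockdev --getro /dev/sda` prints 1 when the device is read-only.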



CAINE keeps getting faster at boot.
CAINE 13.0 can boot to RAM (toram).


INSTALLING CAINE: UnBlock (blockdev) puts the device in WRITABLE mode -> use Ubiquity -> choose System Install -> choose user: CAINE, password: CAINE, host: CAINE -> Go!
Ubiquity is the installer.
Then, after the first boot, run Grub Customizer and put RW instead of RO in the boot menu.

All devices are blocked in Read-Only mode, by default.

ADDED/CHANGED:


IMPORTANT CHANGES:

Autopsy and Gimp are no longer installed, because of the ISO size.

Many other fixes and software updates.

------------------------------------------------


CAINE 12.4 Sidereal released 10/Dec/2021


CHANGELOG CAINE 12.4 "SIDEREAL"

ADDED/CHANGED:





CAINE 11.0 Wormhole 64bit released!
CAINE 11.0 Wormhole released 01/Dec/2019


CHANGELOG CAINE 11.0 "WORMHOLE"

ADDED/CHANGED:




All devices are blocked in Read-Only mode, by default.
New tools, new OSINT, Autopsy 4.13 onboard, APFS ready, BTRFS forensic tool, NVME SSD drivers ready!
SSH server disabled by default (see Manual page for enabling it).
SCRCPY - screen your android device
Autopsy 4.13 + additional plugins by McKinnon.
X11VNC Server - to control CAINE remotely.
hashcat
NEW SCRIPTS (Forensics Tools - Analysis menu)

AutoMacTc - a forensics tool for Mac.
Bitlocker - volatility plugin
Autotimeliner - Automagically extract forensic timeline from volatile memory dumps.
Firmwalker - firmware analyzer.
CDQR - Cold Disk Quick Response tool

Many other fixes and software updates.

Windows Side:


CAINE includes Windows IR/Live forensics tools.
If you need to, you can use the IR/Live forensics framework you prefer by changing the tools on your pendrive.


------------------------------------------------
CAINE 10.0 Infinity 64bit released!
CAINE 10.0 Infinity released 09/11/2018 (updated 18/Dec/2018)


CHANGELOG CAINE 10.0 "INFINITY"

ADDED/CHANGED:



New tools, new OSINT, Autopsy 4.9.1 onboard, APFS ready, BTRFS forensic tool, NVME SSD drivers ready!

SSH server disabled by default (see Manual page for enabling it).

OSINT: Carbon14, OsintSpy added.
Mobile: gMTP and ADB added.
Added: Recoll, Afro, Stegosuite, etc.
Many other fixes and software updates.

Windows Side:


CAINE includes Windows IR/Live forensics tools.
If you need to, you can use the IR/Live forensics framework you prefer by changing the tools on your pendrive.
Tools: Nirsoft suite + launcher, WinAudit, MWSnap, Arsenal Image Mounter, FTK Imager, Hex Editor, JpegView, Network tools, NTFS Journal viewer, Photorec & TestDisk, QuickHash, NBTempoW, USB Write Protector, VLC, Windows File Analyzer.
HibernationRecon by Arsenal Recon

------------------------------------------------
CAINE 9.0 Quantum 64bit released!
CAINE 9.0 QUANTUM released 25/10/2017


CHANGELOG CAINE 9.0 "QUANTUM"

ADDED/CHANGED:


RegRipper, VolDiff, SafeCopy, PFF tools, pslistutil, mouseemu, NBTempoX, OSINT: Infoga, The Harvester, Tinfoleak; regfmount and libregf-utils installed.
Many more scripts and programs.
SSH server disabled by default (see Manual page for enabling it).
Autopsy 2.24 fixed: srch_strings replaced with "GNU strings", renamed to srch_strings.
Many other fixes and software updates.

Windows Side:


Windows Side for Incident Response/Live Analysis on Windows systems.
Tools: Nirsoft suite + launcher, WinAudit, MWSnap, Arsenal Image Mounter, FTK Imager, Hex Editor, JpegView, Network tools, NTFS Journal viewer, Photorec & TestDisk, QuickHash, NBTempoW, USB Write Protector, VLC, Windows File Analyzer.

------------------------------------------------

CAINE 8.0 Blazar 64bit released!
CAINE 8.0 BLAZAR released 30/10/2016


CHANGELOG CAINE 8.0 "BLAZAR"

ADDED/CHANGED:

IMG_MAP (image dd/raw and ewf mounter)
XAll 1.5
RecuperaBit
SQLParse
PEFrame
Yara
PDF analysis
MemDump
ADB and LibMobileDevice
Gigolo (network filesystem client)
Shrew (VPN manager)
wxHexEditor
Jeex
XRCed
PffLib
imount, vhdimount and vhdiinfo
samba
vblade
iscsitarget
Tilda
Many more scripts and programs.

Windows Side:


Win-UFO for Incident Response/Live Analysis on Windows systems.
Win-UFO 6.0, but the tools are renewed and some tools have been removed; there are extra tools.
------------------------------------------------

CAINE DeepSpace 7.0 released 05/11/2015

CHANGELOG CAINE 7.0 "DeepSpace"


ADDED/CHANGED in CAINE 7.0:

The most important change is that CAINE 7.0 sets all block devices (e.g. /dev/sda) to Read-Only mode. A GUI tool named BlockON/OFF is available on CAINE's Desktop.
This new write-blocking method ensures that all disks are protected from accidental write operations, because they are locked in Read-Only mode.
If you need to write to a disk, you can unlock it with BlockOn/Off, or use "Mounter" to change the policy to writable mode.


fixed FMOUNT
XAll
BTCScan (Bitcoin scanner)
dmraid
okteta
x11vnc server
gvncviewer
ssh
openssh
wput
unBlock (block in RO/RW block devices)
mount-nfs
scalpel 2.1
new peframe
damm
find_times
parse_VSS_RFC
4n6 scripts updated
quickhash updated
bleachbit
usnj
vshot
zulucrypt
ddrescue-gui
ddrescueView
dd utility
iloot
python_regparse
libmobiledevice
ifuse
ddrescueview
INDEXparse.py, Shellbags.py, evtxexport.py, extxinfo.py
NFS client.



CAINE 6.0 Dark Matter 64bit released!
CAINE Dark Matter 6.0 released 06/10/2014

CHANGELOG CAINE 6.0 "Dark Matter"


fixed password request in polkit
fixed password request in text mode and tty
Bash Shellshock bug fixed
mount policy always in ro and loop mode
fstrim disabled (enable it by uncommenting the line in /etc/cron.weekly/fstrim)
autopsy patched by Maxim Suhanov
Many other tools and GUIs.


CAINE 5.0 Blackhole 64bit released!
CAINE Blackhole 5.0 released 17/01/2014

CHANGELOG CAINE 5.0 "Blackhole"

Kernel 3.8.0-35
Based on Ubuntu 12.04.3 64BIT - UEFI/SECURE BOOT Ready!

Caine 5.0 on pendrive can boot on Uefi/Uefi+secure boot/Legacy Bios/Bios.
Caine 5.0 on DVD can boot on Legacy Bios/Bios.

SystemBack is the new installer.

Caine has a new logo, thanks to Mr. Nino Salvati.


CAINE LittleStar 64bit released!
CAINE LittleStar 2.0 released 30/10/2013
Changelog:
resolv.conf fixed
boot-repair and grub-customizer added
Broadcom Corporation BCM4313 wireless card drivers added
CAINE LittleStar is a parallel project to the official CAINE distro, it is a lighter version of CAINE based on Ubuntu 13.04 64 BIT, only to have a CAINE 64 bit version.
It can be useful for installing on 64 bit machines and it is tailored especially for the acquisition (forensic copy) of devices. Download HERE


CAINE 4.0 and NBCaine 4.0 codename "Pulsar" released!


CAINE 4.0 codename "Pulsar" is cooking.


NBCaine 3.0 codename "Quasar" is out! TSK 4.0.1 onboard! and new Kernel.


Caine 3.0 codename "Quasar" is out!


Caine 3.0 codename "Quasar" is cooking!


Caine 2.5.1 codename "Supernova" is out!

Caine 2.5.1 fixes some small things and updates some tools... see the CHANGELOG

Caine 2.5 codename "Supernova" is out!


Caine 2.5 codename "Supernova" is cooking!


We are working on it! It will be an improvement of Caine 2.0 ;)

Caine 2.0 inside Katana multi boot suite


Thanks to Mr. Ronin and Carlos Luna now Caine is inside Katana, great work! http://www.hackfromacave.com/katana.html

CAINE-FROM-DEB


Thanks to Luigi Piciocchi, a DEB package is now available for installing many useful tools directly on an installed Ubuntu 10.04 OS. https://www.caine-live.net/page5/page5.html

CAINE 2.0 (code name "NewLight") and NBCaine 2.0 are out!


Hi all! Caine 2.0 is online now...it's all updated, all the newest patches are there, take a tour on Caine website !

CAINE 1.5 (code name "Shining") is ONLINE


Hi all! Caine 1.5 (Shining) is online! You can see the changelog in the Release page. We added and updated many tools, fixed many things....Caine 1.5 more friendly than before!

CAINE 1.5 (code name "Shining") is coming!


Hi all! Caine 1.5 (Shining) is coming! We are working on release 1.5, which will fix many features and update many tools and the kernel. We are pursuing friendliness and usability. Linux for all!

CAINE 1.0 is online!


Hi all! Caine 1.0 and NBCaine 1.0 are online now! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team.
I applied 3 patches: one for this BUG, one for the mount policies, those are safer and future proof, and one for the partitions numbering...
Welcome to Maxim Suhanov, (AKA "forensics" in our forum), in our team!

Stay Tuned!


Hi all! Soon Caine 1.0 and NBCaine 1.0 will be online! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team.
I applied 3 patches: one for this BUG, one for the mount policies those are safer and future proof ;-) and one for the partitions numbering...Stay tuned few days to the launch!
Many thanks to Maxim Suhanov AKA "forensics" in our forum, for the patches and the help.

We are back!


I apologize for the wait, but work and other business have kept me from devoting myself completely to CAINE. I am back to work, and now in my spare time I'm updating the software and all the forensic products; in a few months the 1.0 will be available for download as promised.

Thank you everybody for your support!

TomTom analysis with CAINE (English)

(UPDATE) We publish the English version of the forensic scenario analysis of a TomTom navigation system performed by Clara Colombini.

Clara noticed that TomTom navigation systems are not accessible when a hardware write-blocker is connected to a forensic workstation running MS Windows, so she developed and tested a methodology for acquiring the data stored on these devices without making any changes to them. Helix and CAINE implement the same secure mounting strategy, which mounts devices with the options ro, noexec and noatime, making the use of a write-blocker mandatory for legal reasons, but not as binding as the experiment required.
The experiment is summarized into a document of twenty-four pages, in which the forensic analyst operates with the confidence to keep the evidence extracted from the TomTom valid for the court.

Here the article by Denis Frati and the PDF with the results of the experiment (ENGLISH - UPDATE!).

CAINE on Distrowatch


We are finally on Distrowatch! Check our distro here.

We are currently working on CAINE 1.0, stay tuned!

TomTom analysis with CAINE (Italian)

NBCAINE is available for less than a month and it has already been used in a forensic scenario analysis of a TomTom navigation system. The analysis was performed by Clara Colombini.

Clara noticed that TomTom navigation systems are not accessible when a hardware write-blocker is connected to a forensic workstation running MS Windows, so she developed and tested a methodology for acquiring the data stored on these devices without making any changes to them. Helix and CAINE implement the same secure mounting strategy, which mounts devices with the options ro, noexec and noatime, making the use of a write-blocker mandatory for legal reasons, but not as binding as the experiment required.
The experiment is summarized into a document of twenty-four pages, in which the forensic analyst operates with the confidence to keep the evidence extracted from the TomTom valid for the court.

Here the article by Denis Frati and the PDF with the results of the experiment (Italian).

CAINE reviewed


DIY Forensics & Incident Response Lab - link
“Regarding forensic software, so much is already out there, both free and commercial. If you're just getting started, take a look at Harlan's list and try out the Caine forensic and IR LiveCD, which contains all you need to get your feet wet. IT shops that have already purchased forensic packages, like FTK and Encase, can easily install it in the lab at no additional cost provided they use their existing licensing dongle when not in use for an actual case.”

John H. Sawyer, senior security engineer on the IT Security Team at the University of Florida.


Windows FE “Live CD” Posts Followup - link
“Curiously, and not noted in the test, was the fact that I tried local installation of Helix, RAPTOR, and DEFT forensic Linux builds on the test system’s hard drive. All three balked during the drive preparation process, despite my successful manual creation of the ext3 and swap partitions manually in their installers. Only the CAINE Live CD allowed me to install itself locally with no issues or complaints.”

From Claus Valca blog.


Applied Information Security book (future publication)
“CAINE is a distribution focused on IT Forensics. It is a good learning environment for beginning users. CAINE has intuitive interfaces, a variety of functionality, and good reporting/documentation tools. Most IT Forensics suites are quite expensive and require a fair amount of training. A free tool like CAINE that has good collection, analysis, and reporting tools is invaluable for someone just starting out in the field.”

Dr. Randall Boyle, professor at the University of Utah.



CAINE ISO has reached 1500 downloads, and the new entry NBCAINE is currently at 120 downloads!

CAINE and Helix

From “Security Viewpoints” by Derrick Webber:

“Oh no! Helix, the most popular compilation of forensics software on a bootable CD became payware only in February 2009. Now a $15/month subscription is required.
Previously, anyone could download and use the ISO for free, which led to wide adoption… for example, the SANS forensic course uses it, and it was the tool of choice at a Canadian lead security agency where I used it to examine compromised workstations.

The best alternative right now seems to be the relatively new Live CD CAINE.

If your only goal is to obtain a valid disk image, Raptor from Forward Discovery is still free. There are also multiple other live CDs that include The Sleuth Kit and other collections of forensic tools. [...]”

We also report that CAINE iso has been downloaded 1000 times!

750 downloads of the ISO!


CAINE iso has been downloaded 750 times! Thank you!

Here (in Italian) is an interview that Giancarlo Giustini gave to the Italian blogger Dario Vignali.

Defcon 17 and CAINE


Joe Cicero wrote me this e-mail today:

Giancarlo,
I've been teaching Incident Response, E-discovery, and Computer Forensics for approximately 5 years at the technical college level. I used other open source tools and utilities before CAINE but none of them worked as well "out of the box". I am a regular user of the forum and I get quick responses to my e-mails and postings when contacting the CAINE team. If you are interested in learning, teaching or conducting computer forensics and you want to spend less time configuring and more time analyzing CAINE is for you.

Joe Cicero will mention the use of CAINE in his discussion at Defcon 17 (July 31st - August 2nd, 2009 at the Riviera Hotel and Casino in Las Vegas, Nevada).

Thank you Joe!

Joe Cicero is currently a Network Specialist Instructor for Northeast Wisconsin Technical College, he specializes in teaching Linux, Network Security, and Computer Forensics Courses. He is originally from Green Bay and in 1985 he joined the Marines. His final duty assignment was as the Operations Chief for Tactical Warfare Simulations Evaluations Analyses Systems (TWSEAS) where he traveled the world conducting training through use of computer simulations.
Last year, for Defcon 16, he had submitted a white paper entitled "Forensic And Recovery Techniques used while Data mining Institutions for Education".
Here is the link of the Defcon 16 speakers.

Talking about... CAINE!

Sunset @ Ciudad de Mexico by Esparta (modded by GIanchi) - CC


http://vulnerabilityteam.wordpress.com/2009/02/26/nueva-version-del-caine-livecd-para-informatica-forense/
http://raulespinola.wordpress.com/2009/02/28/caine-gnulinux-livecd-para-informatica-forense/
http://meneame.net/story/caine-livecd-gnulinux-para-informatica-forense
http://busquiel.sociallinux.org/2009/02/27/
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/action,printpage/topic,3643.0/
https://lists.ubuntu.com/archives/ubuntu-it/2008-October/034680.html
http://www.comunidade-linuxnarede.eti.br/modules/news/article.php?storyid=798

5 days of 0.5

Orange Line @ eTech 2007 by eschipul (CC)

CAINE 0.5 iso has been downloaded 250 times in only 5 days, and the site has sustained a really huge amount of requests this week, with a peak never seen before!
Thank you for choosing us!

Jaime Andrés Restrepo, a Computer Security Researcher, has just translated the report template in Spanish, and we will include the new template in the future version of CAINE.
If you wish to participate by providing the translation of the report in your language or if you have found a translation mistake, please contact the CAINE team.

I also suggest taking a look at our forum here, if you want to contribute or find some important information and many guides provided directly by the users of CAINE.

A lot of digital security and computer forensics web sites are talking about our brand new version:
http://www.secuobs.com/revue/news/65495.shtml
http://forcomp.blogspot.com/2009/02/caine-05.html
http://www.security-database.com/toolswatch/CAINE-Computer-Aided-INvestigative.html
http://seguridad-informacion.blogspot.com/2009/02/caine-05-released.html
http://webnoticiero.blogspot.com/2009/02/nueva-version-del-caine-livecd-para.html
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&p=6526339
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3643.msg16917/topicseen,1/

CAINE in the world


A mix of international web sites talking Manual and Policies Live CD.
Thanks to Benedetto Colangelo and Nanni Bassetti that went beyond the edges of a simple “google search”!

CAINE 0.5 released!


Main features:
- WinTaylor, forensic frontend for Windows environment
- Html page IE-compatible to run the forensic tools in Windows
- Ntfs-3g updated to 2009.1.1 (resolve a ntfs-3g bug)
- New boot option: text mode.
- Ubuntu 8.04 packages updated
- Firefox 3.0.6
- Gtkhash, frontend for hashing files
- New reporting features: investigators and case name added
- Multi-language report: Italian, English, German, French and Portuguese
- Firefox starts with the list of tools and a brief utilization manual.

PSX Installer

PSX Installer 1.3 by Denis Frati added to the Downloads section.