CAINE Linux
   HOME

TheInfoList



Click Here for Items Related To - CAINE Linux
OR:
CAINE Linux on:   [Wikipedia]   [Google]   [Amazon]

CAINE Linux (''Computer Aided INvestigative Environment'') is an Italian
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
live distribution managed by Giovanni "Nanni" Bassetti. The project began in 2008 as an environment to foster digital forensics and incidence response (DFIR), with several related tools pre-installed.


Purpose

CAINE is a professional
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
forensic platform that integrates software tools as modules along with powerful scripts in a graphical interface environment. Its operational environment was designed with the intent to provide the forensic professional all the tools required to perform the digital forensic investigate process (preservation, collection, examination and analysis). CAINE is a live Linux distribution so it can be booted from removable media (flash drive) or from an optical disk and run in memory. It can also be installed onto a physical or virtual system. In Live mode, CAINE can operate on data storage objects without having to boot up a supporting operating system. The latest version 11.0 can boot on UEFI/UEFI+Secure and Legacy
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
allowing CAINE to be used on information systems that boot older operating systems (e.g.
Windows NT Windows NT is a proprietary graphical operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems sc ...
) and newer platforms (Linux, Windows 10).


Requirements

CAINE is based on Ubuntu 18.04 64-bit, using Linux kernel 5.0.0-32. CAINE system requirements to run as a live disc are similar to Ubuntu 18.04. It can run on a physical system or in a virtual machine environment such as VMware Workstation.


Supported platforms

The CAINE Linux distribution has numerous software applications, scripts and libraries that can be used in a graphical or command line environment to perform forensic tasks. CAINE can perform data analysis of data objects created on Microsoft Windows, Linux and some
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
systems. One of the key forensic features since version 9.0 is that it sets all
block devices In Unix-like operating systems, a device file or special file is an interface to a device driver that appears in a file system as if it were an ordinary file. There are also special files in DOS, OS/2, and Windows. These special files allow ...
by default to read-only mode. Write-blocking is a critical methodology to ensure that disks are not subject to writing operations by the operating system or forensic tools. This ensures that attached data objects are not modified, which would negatively impact digital forensic preservation.


Tools

CAINE provides software tools that support
database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases sp ...
,
memory Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembered, ...
, forensic and network analysis.
File system In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...
image analysis of NTFS, FAT/ExFAT, Ext2, Ext3, HFS and ISO 9660 is possible via command line and through the graphic desktop. Examination of Linux, Microsoft Windows and some Unix platforms is built-in. CAINE can import disk images in raw (dd) and expert witness/advanced file format. These may be obtained from using tools that are included in CAINE or from another platform such as EnCase or the Forensic Tool Kit. Some of the tools included with the CAINE Linux distribution include: *
The Sleuth Kit The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a bet ...
– open source command line tools that support forensic inspection of disk volume and file system analysis. *
Autopsy An autopsy (post-mortem examination, obduction, necropsy, or autopsia cadaverum) is a surgical procedure that consists of a thorough examination of a corpse by dissection to determine the cause, mode, and manner of death or to evaluate any di ...
– open source digital forensics platform that supports forensic analysis of files, hash filtering, keyword search, email and web artifacts. Autopsy is the graphical interface to The Sleuth Kit. * RegRipper – open source tool, written in Perl, extracts/parses information (keys, values, data) from the Registry database for data analysis. * Tinfoleak – open source tool for collecting detailed Twitter intelligence analysis. *
Wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 d ...
– supports interactive collection of network traffic and non real-time analysis of data packet captures (*.pcap). *
PhotoRec PhotoRec is a free and open-source utility software for data recovery with text-based user interface using data carving techniques, designed to recover lost files from various digital camera memory, hard disk and CD-ROM. It can recover the files ...
– supports recovery of lost files from hard disk, digital camera and optical media. * Fsstat – displays file system statistical information about an image or storage object.


References

{{reflist


External links


Official website
Forensic software Linux Live Linux distributions Digital forensics software Linux distributions