If you need it you can use the IR/Live forensics framework you prefer, changing the tools in your pendrive.
--------------------------------------------------------------------------------------- CAINE 10.0 has got a Windows IR/Live forensics tools.
If you need it you can use the IR/Live forensics framework you prefer, changing the tools in your pendrive.
Tools: Nirsoft suite + launcher, WinAudit, MWSnap, Arsenal Image Mounter, FTK Imager, Hex Editor, JpegView, Network tools, NTFS Journal viewer, Photorec & TestDisk, QuickHash, NBTempoW, USB Write Protector, VLC, Windows File Analyzer.
HibernationRecon by Arsenal Recon
--------------------------------------------------------------------------------------- CAINE 9.0 has got Windows IR/Live forensics tools.
If you need it you can use the IR/Live forensics framework you prefer, changing the tools in your pendrive.
Tools: Nirsoft suite + launcher, WinAudit, MWSnap, Arsenal Image Mounter, FTK Imager, Hex Editor, JpegView, Network tools, NTFS Journal viewer, Photorec & TestDisk, QuickHash, NBTempoW, USB Write Protector, VLC, Windows File Analyzer.
--------------------------------------------------------------------------------------- Windows side for Caine 8.0, 7.0, 6.0 and 5.0: Win-Ufo
WIN-UFO doesn't exist anymore, because his developer has closed the website, so you cannot download it anymore.
CAINE is now partnered with WIN-UFO. Thank to Emory Mullis and Scott White for having developed this very good tool for the Live computer forensics, it is Win-Ufo (THE WEBSITE DOES NOT WORK ANYMORE) http://web.archive.org/web/20161007052934/http://win-ufo.org/
Since Caine 5.0 it is onboard in the Caine's Windows Side, I'm happy to have this collaboration, because I think that Win-Ufo is a complete software to manage the Live analysis and reporting of all the operations made. Click here to download WIN-UFO
A minor fix update for Win-UFO v5.0
When Win-UFO isn't ran as an admin, it displays a notice telling you how to run it as an admin. In the notice, it says Win-UFO will attempt to open the location where it resides. However, this attempt always failed. This issue has been fixed.
You can get the update at our web site: CLICK HERE
---------------------------------------------------------------------------------------
OLD WINDOWS SIDE PROGRAMS (Caine 3 and 4)
NirLauncher by NirSoft new Windows Side of Caine!
NirLauncher by Nirsoft - DOWNLOAD HERE
It includes Sysinternals suite, FTK Imager, Piriform tools and many others...
----------------------------------------------------------------------------------
WINTAYLOR 2.5.1 is out!
WINTAYLOR 2.5.1 - DOWNLOAD HERE
For running SYSTEM INFO button of Wintaylor 2.5.1 you have to rename /programs/tools/msix.exe in msi.exe.
-----------------------------------------------------------------------------------------------------------
WINTAYLOR 2.1
It's simpler than Wintaylor 1.5, easy to use and I developed the Nirsoft Mega Report an useful utility that uses many Nirsoft tools and generates an HTML report. Wintaylor 2.0 is designed for reaching the maximum compatibility and for the live analysis and Incident Response on MS Windows Systems.
Do not put Wintaylor 2.1 in a directory named with spaces included!
Rename the file /Programs/tools/nirsoft/MNR.bat in nmr.bat (fixed 29-Sep-2010)
Nanni Bassetti - Project Manager
WARNING!!!: Many Firewalls and AntiViruses could give a fake alert message!
CLICK HERE TO DOWNLOAD IT!
--------------------------------------------------------------------------------------------------------------------------------
WINTAYLOR 1.5
WinTaylor is the new forensic interface built for Windows and included in CAINE Live CD. It is written in Visual Basic 6 to maximize compatibility with older Windows systems, and provides an internal set of well-known forensic programs.
WinTaylor proposes a simple and complete forensic software integration and inherits the design philosophy of CAINE.
To ensure transparency of the operations performed by WinTaylor during its execution, we have made available the source code of the program, that is licensed under the Lesser GPL License 2.1. The code is visible and editable, for the benefit of developers and to preserve the good standards of open source forensic software.
The interface is structured in the familiar CAINE’s tabs style, and implements the well-known reporting system to record the investigative sessions.
Features
- Report creation tool, that saves in a plain and portable text file the list of used programs with time-stamps .
- Tabbed structure that gives a logical schema to the investigation process.
- Command-line tools that print their output inside WinTaylor.