CHANGELOG CAINE 13.0 "WARP"
Kernel 5.15.0-67
Based on Ubuntu 22.04 64BIT - UEFI Ready!
CAINE 13.0 can boot on Uefi/Uefi/Legacy Bios/Bios.
If secureboot failed, try to disable it from UEFI.
If you want to create an hybrid image, try this:
isohybrid -u caine11.0.iso
The important news is CAINE 13.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named Unblock present on CAINE's Desktop.
This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.
If you need to write a disk, you can unlock it with UnBlock or using "Mounter" changing the policy in writable mode.
CAINE is always more fast during the boot.
CAINE 13.0 can boot to RAM (toram).
INSTALLING CAINE: UnBlock (blockdev) put the device in WRITABLE mode -> use Ubiquity -> Choose System Install -> Choose user: CAINE password: CAINE host: CAINE -> Go!
Ubiquity is the installer.
Then after the first boot, run Grub Customizer and put RW instead of RO in the boot menu.
All devices are blocked in Read-Only mode, by default.
ADDED/CHANGED:
IMPORTANT CHANGES:
No more Autopsy and Gimp installed, for ISO size problem.
many others fixing and software updating.
------------------------------------------------
------------------------------------------------
CHANGELOG CAINE 12.4 "SIDEREAL"
ADDED/CHANGED:
CHANGELOG CAINE 11.0 "WORMHOLE"
ADDED/CHANGED:
All devices are blocked in Read-Only mode, by default.
New tools, new OSINT, Autopsy 4.13 onboard, APFS ready,BTRFS forensic tool, NVME SSD drivers ready!
SSH server disabled by default (see Manual page for enabling it).
SCRCPY - screen your android device
Autopsy 4.13 + additional plugins by McKinnon.
X11VNC Server - to control CAINE remotely.
hashcat
NEW SCRIPTS (Forensics Tools - Analysis menu)
AutoMacTc - a forensics tool for Mac.
Bitlocker - volatility plugin
Autotimeliner - Automagically extract forensic timeline from volatile memory dumps.
Firmwalker - firmware analyzer.
CDQR - Cold Disk Quick Response tool
many others fixing and software updating.
Windows Side:
If you need it you can use the IR/Live forensics framework you prefer, changing the tools in your pendrive.
------------------------------------------------
CAINE 10.0 Infinity 64bit released!
CHANGELOG CAINE 10.0 "INFINITY" ADDED/CHANGED: CHANGELOG CAINE 9.0 "Blazar" Windows Side:
CHANGELOG CAINE 8.0 "Blazar" ADDED/CHANGED in CAINE 8.0: The important news is CAINE 8.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on Caine's Desktop.
CHANGELOG CAINE 7.0 "DeepSpace" ADDED/CHANGED in CAINE 7.0: The important news is CAINE 7.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on Caine's Desktop.
CHANGELOG CAINE 6.0 "Dark Matter"
CHANGELOG CAINE 5.0 "Blackhole" Kernel 3.8.0-35 Caine 5.0 on pendrive can boot on Uefi/Uefi+secure boot/Legacy Bios/Bios. SystemBack is the new installer. Caine has a new logo, thanks to Mr. Nino Salvati. We are working on it! It will be an improvement of Caine 2.0 ;)
Thanks to Mr. Ronin and Carlos Luna now Caine is inside Katana, great work!
http://www.hackfromacave.com/katana.html
Thanks to Luigi Piciocchi, now it's available a DEB package for installing many useful tools directly on a installed Ubuntu 10.04 OS. Hi all! Caine 2.0 is online now...it's all updated, all the newest patches are there, take a tour on Caine website ! Hi all! Caine 1.5 (Shining) is online! You can see the changelog in the home page. We added and updated many tools, fixed many things....Caine 1.5 more friendly than before! Hi all! Caine 1.5 (Shining) is coming! We are working for the release 1.5, that will fix many features and it will update many tools and the kernel. We are following the friendness and usability. Linux for all! Hi all! Caine 1.0 and NBCaine 1.0 are online now! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team. Hi all! Soon Caine 1.0 and NBCaine 1.0 will be online! I am Nanni Bassetti and I took the legacy of Giancarlo Giustini the founder of the distro, who remains in the team. I apologize for the wait, but work and other business have kept me from completely devote to CAINE. I am back to work, and now in my spare time I'm updating the software and all the forensic products; in few months the 1.0 will be available for download as promised. DIY Forensics & Incident Response Lab - link John H. Sawyer, senior security engineer on the IT Security Team at the University of Florida. From Claus Valca blog. Dr. Randall Boyle, professor at the University of Utah. CAINE iso has been downloaded 750 times! Thank you! Joe Cicero wrote me this e-mail today: CAINE 0.5 iso has been downloaded 250 times in only 5 days, and the site has sustained a really huge amount of requests this week, with a peak never seen before! A mix of international web sites talking Manual and Policies Live CD.
New tools, new OSINT, Autopsy 4.9.1 onboard, APFS ready,BTRFS foresic tool, NVME SSD drivers ready!
SSH server disabled by default (see Manual page for enabling it).
OSINT: Carbon14, OsintSpy added.
Mobile: gMTP and ADB added.
Added: Recoll, Afro, Stegosuite,etc. etc.
many others fixing and software updating.
Caine 9.0 Quantum 64bit released!
CAINE 9.0 Quantum released 30/10/2017
RegRipper, VolDiff, SafeCopy, PFF tools, pslistutil, mouseemu, NBTempoX,Osint: Infoga, The Harvester, Tinfoleak regfmount and libregf-utils installed.
many and many scripts and programs....
SSH server disabled by default (see Manual page for enabling it).
Autopsy 2.24 fixed - srch_strings changed with "GNU strings" renamed in srch_strings.
many others fixing and software updating.
Windows Side with for Incident Response/Live Analysis on Windows systems.
Tools: Nirsoft suite + launcher, WinAudit, MWSnap, Arsenal Image Mounter, FTK Imager, Hex Editor, JpegView, Network tools, NTFS Journal viewer, Photorec & TestDisk, QuickHash, NBTempoW, USB Write Protector, VLC, Windows File Analyzer.
Caine 8.0 Blazar 64bit released!
CAINE 8.0 Blazar released 30/10/2016
This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.
If you need to write a disk, you can unlock it with BlockOn/Off or using "Mounter" changing the policy in writable mode.
IMG_MAP (image dd/raw and ewf mounter)
XAll 1.5
RecuperaBit
SQLParse
PEFrame
Yara
PDF analysis
MemDump
ADB and LibMobileDevice
Gigolo (network filesystem client)
Shrew (VPN manager)
wxHexEditor
Jeex
XRCed
PffLib
imount, vhdimount and vhdiinfo
samba
vblade
iscsitarget
hashdb
trim disabled
Tilda
many and many scripts and programs....
Caine 7.0 DeepSpace 64bit released!
CAINE 7.0 Deepspace released 06/11/2015
This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.
If you need to write a disk, you can unlock it with BlockOn/Off or using "Mounter" changing the policy in writable mode.
fixed FMOUNT
XAll
BTCScan (Bitcoin scanner)
dmraid
okteta
x11vnc server
gvncviewer
ssh
openssh
wput
unBlock (block in RO/RW block devices)
mount-nfs
scalpel 2.1
new
peframe
damm
find_times
parse_VSS_RFC
4n6 scripts updated
quickhash updated
bleachbit
usnj
vshot
zulucrypt
ddrescue-gui
ddrescueView
dd utility
iloot
python_regparse
libmobiledevice
ifuse
ddrescueview
INDEXparse.py, Shellbags.py, evtxexport.py, extxinfo.py
NFS client.
Caine 6.0 Dark Matter 64bit released!
CAINE 6.0 Dark Matter released 06/10/2014
Kernel 3.13.0-36
fixed password request in polkit
fixed password request in textmode e tty
Bash bug fixed shellshock
mount policy always in ro and loop mode
fstrim disabled (enabled uncommenting the row in /etc/cron.weekly/fstrim)
autopsy patched by Maxim Suhanov
Many others tools and GUI.
Caine 5.0 Blackhole 64bit released!
CAINE 5.0 Blackhole released 17/01/2014
Based on Ubuntu 12.04.3 64BIT - UEFI/SECURE BOOT Ready!
Caine 5.0 on DVD can boot on Legacy Bios/Bios.
Caine LittleStar 64bit released!
CAINE LittleStar 2.0 released 30/10/2013
Changelog:
resolv.conf fixed
boot-repair and grub-customizer added
Broadcom Corporation BCM4313 wireless card drivers added
Caine 4.0 and NBCaine 4.0 codename "Pulsar" are out!
NBCaine 3.0 codename "Quasar" is out!
Caine 3.0 codename "Quasar" is out!
Caine 3.0 codename "Quasar" is cooking!
Caine 2.5.1 codename "Supernova" is out!
Caine 2.5 codename "Supernova" is out!
Caine 2.5 codename "Supernova" is cooking
Caine 2.0 inside Katana multi boot suite
Caine-From-Deb
CAINE 2.0 and NBCaine 2.0 are out
CAINE 1.5 (code name "Shining") is ONLINE
CAINE 1.5 (code name "Shining") is coming!
CAINE 1.0 is online!
I applied 3 patches: one for this BUG, one for the mount policies, those are safer and future proof, and one for the partitions numbering...
Welcome to Maxim Suhanov, (AKA "forensics" in our forum), in our team! Stay Tuned!
I applied 3 patches: one for this BUG, one for the mount policies those are safer and future proof ;-) and one for the partitions numbering...Stay tuned few days to the launch!
Many thanks to Maxim Suhanov AKA "forensics" in our forum, for the patches and the help. We are back!
Thank you everybody for your support!CAINE on Distrowatch
We are finally on Distrowatch!
Check our distro here.
We are currently working on CAINE 1.0, stay tuned!CAINE reviewed
“Regarding forensic software, so much is already out there, both free and commercial. If you're just getting started, take a look at Harlan's list and try out the Caine forensic and IR LiveCD, which contains all you need to get your feet wet. IT shops that have already purchased forensic packages, like FTK and Encase, can easily install it in the lab at no additional cost provided they use their existing licensing dongle when not in use for an actual case.”
Windows FE “Live CD” Posts Followup - link
“Curiously, and not noted in the test, was the fact that I tried local installation of Helix, RAPTOR, and DEFT forensic Linux builds on the test system’s hard drive. All three balked during the drive preparation process, despite my successful manual creation of the ext3 and swap partitions manually in their installers. Only the CAINE Live CD allowed me to install itself locally with no issues or complaints.”
Applied Information Security book (future publication)
“CAINE is a distribution focused on IT Forensics. It is a good learning environment for beginning users. CAINE has intuitive interfaces, a variety of functionality, and good reporting/documentation tools. Most IT Forensics suites are quite expensive and require a fair amount of training. A free tool like CAINE that has good collection, analysis, and reporting tools is invaluable for someone just starting out in the field.”
CAINE ISO has reached 1500 downloads, and the new entry NBCAINE is currently at 120 downloads!CAINE and Helix
“Oh no! Helix, the most popular compilation of forensics software on a bootable CD became payware only in February 2009. Now a $15/month subscription is required.
Previously, anyone could download and use the ISO for free, which lead to wide adoption… for example, the SANS forensic course uses it, and it was the tool of choice at a Canadian lead security agency where I used it to examine compromised workstations.
The best alternative right now seems to be the relatively new Live CD CAINE.
If your only goal is to obtain a valid disk image, Raptor from Forward Discovery is still free. There are also multiple other live CDs that include The Sleuth Kit and other collections of forensic tools. [...]”
We also report that CAINE iso has been downloaded 1000 times!750 downloads of the ISO!
Here (in italian) an interview that Giancarlo Giustini gave to the italian blogger Dario Vignali.Defcon 17 and CAINE
Giancarlo,
I've been teaching Incident Response, E-discovery, and Computer Forensics for approximately 5 years at the technical college level. I used other open source tools and utilities before CAINE but none of them worked as well "out of the box". I am a regular user of the forum and I get quick responses to my e-mails and postings when contacting the CAINE team. If you are interested in learning, teaching or conducting computer forensics and you want to spend less time configuring and more time analyzing CAINE is for you.
Joe Cicero will mention the use of CAINE in his discussion at Defcon 17, (July 31st - August 2nd, 2009 at the Riviera Hotel and Casino in Las Vegas, Nevada).
Thank you Joe!
Joe Cicero is currently a Network Specialist Instructor for Northeast Wisconsin Technical College, he specializes in teaching Linux, Network Security, and Computer Forensics Courses. He is originally from Green Bay and in 1985 he joined the Marines. His final duty assignment was as the Operations Chief for Tactical Warfare Simulations Evaluations Analyses Systems (TWSEAS) where he traveled the world conducting training through use of computer simulations.
Last year, for Defcon 16, he had submitted a white paper entitled "Forensic And Recovery Techniques used while Data mining Institutions for Education". Here is the link of the Defcon 16 speakers.Talking about... CAINE!
Sunset @ Ciudad de Mexico by Esparta (modded by GIanchi) - CC
http://vulnerabilityteam.wordpress.com/2009/02/26/nueva-version-del-caine-livecd-para-informatica-forense/
http://raulespinola.wordpress.com/2009/02/28/caine-gnulinux-livecd-para-informatica-forense/
http://meneame.net/story/caine-livecd-gnulinux-para-informatica-forense
http://busquiel.sociallinux.org/2009/02/27/
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/action,printpage/topic,3643.0/
https://lists.ubuntu.com/archives/ubuntu-it/2008-October/034680.html
http://www.comunidade-linuxnarede.eti.br/modules/news/article.php?storyid=7985 days of 0.5
Orange Line @ eTech 2007 by eschipul (CC)
Thank you for choosing us!
Jaime Andrés Restrepo, a Computer Security Researcher, has just translated the report template in Spanish, and we will include the new template in the future version of CAINE.
If you wish to participate by providing the translation of the report in your language or if you have found a translation mistake, please contact the CAINE team.
I also suggest to take a look to our forum here, if you want to contribute or find some important informations and many guides provided directly by the users of CAINE.
A lot of digital security and computer forensics web sites are talking about our brand new version:
http://www.secuobs.com/revue/news/65495.shtml
http://forcomp.blogspot.com/2009/02/caine-05.html
http://www.security-database.com/toolswatch/CAINE-Computer-Aided-INvestigative.html
http://seguridad-informacion.blogspot.com/2009/02/caine-05-released.html
http://webnoticiero.blogspot.com/2009/02/nueva-version-del-caine-livecd-para.html
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&p=6526339
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3643.msg16917/topicseen,1/CAINE in the world
Thanks to Benedetto Colangelo and Nanni Bassetti that went beyond the edges of a simple “google search”!Manual and Policies
Bootable CD-ROM and Virtual Machine toolkits (ENG)
NebraskaCERTCSF - Free Forensic Tools (ENG)
CAINE - A digital forensic project on Live CD (ENG)
Recuperar ficheros borrados desde Ubuntu Linux (SPA)
CAINE, LiveCD GNU/Linux para Informática Forense (SPA)
Novos Live CDs (SPA)
CAINE, um LiveCD para informática forense (PORTO)
CAINE, LiveCD GNU/Linux para Informática Forense (SPA)
CAINE, LiveCD GNU/Linux (SPA)
Computer Aided INvestigative Environment (CAINE) y Buenas Prácticas (SPA)
http://www.secorvo.de/security-news/secorvo-ssn0812.pdf (GER)
CAINE, LiveCD GNU/Linux para Informática Forense (SPA)Master with CAINE