CAINE Linux


CAINE Linux stands for Computer Aided Investigative Environment and is an Italian Linux live distribution. Actual Project Manager is . It started in 2008 as a digital forensics project.

Purpose

CAINE is a professional open source forensic platform that integrates software tools as modules along with powerful scripts in a graphical interface environment. Its operational environment was designed to provide the forensic professional with all the tools required to perform the digital forensic investigation process. CAINE is a live Linux distribution, so it can be booted from removable media or from an optical disk and run in memory. It can also be installed onto a physical or virtual system. In Live mode, CAINE can operate on data storage objects without having to boot up a supporting operating system. The latest version, 9.0, can boot on UEFI/UEFI+Secure and Legacy BIOS, allowing CAINE to be used on information systems that boot older operating systems as well as on newer platforms.

Requirements

CAINE is based on Ubuntu 16.04 64-bit, using Linux kernel 4.4.0-97. CAINE system requirements to run as a live disc are similar to Ubuntu 16.04. It can run on a physical system or in a virtual machine environment such as VMware Workstation.

Supported platforms

The CAINE Linux distribution has numerous software applications, scripts and libraries that can be used in a graphical or command line environment to perform forensic tasks. CAINE can perform data analysis of data objects created on Microsoft Windows, Linux and some Unix systems. One of the key forensic features in version 9.0 is that it sets all block devices by default to read-only mode. Write-blocking is a critical methodology to ensure that disks are not subject to writing operations by the operating system or forensic tools. This ensures that attached data objects are not modified, which would negatively impact digital forensic preservation.
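A pre-acquisition check of the read-only default described above, as an added example that is not part of CAINE or its scripts. It assumes the state is visible through the Linux kernel's per-device `ro` flag in sysfs; the function names are hypothetical, and skipping loop and RAM devices is this example's own choice.

```shell
#!/bin/sh
# Audit the kernel's software read-only flag for every disk and partition
# before imaging. <sysfs>/block/<dev>/ro holds 1 (read-only) or 0 (writable).
# The sysfs root is a parameter so the check can be run against a copy.

# list_writable [SYSFS_ROOT]
# Prints the name of each disk or partition whose ro flag is not 1.
list_writable() {
    sysfs="${1:-/sys}"
    for dev in "$sysfs"/block/*; do
        [ -r "$dev/ro" ] || continue
        name=$(basename "$dev")
        # Assumption of this example: RAM disks and loop devices are not
        # evidence media, so they are left out of the report.
        case "$name" in ram*|loop*) continue ;; esac
        [ "$(cat "$dev/ro")" = "1" ] || echo "$name"
        # Partitions (sda1, nvme0n1p1, ...) are subdirectories of the disk
        # and carry their own ro flag, which can differ from the disk's.
        for part in "$dev"/"$name"*; do
            [ -r "$part/ro" ] || continue
            [ "$(cat "$part/ro")" = "1" ] || basename "$part"
        done
    done
    return 0
}

# audit_write_block [SYSFS_ROOT]
# Returns 0 when every audited device is read-only, 1 otherwise.
audit_write_block() {
    writable=$(list_writable "$1")
    if [ -n "$writable" ]; then
        echo "WRITABLE: $(echo "$writable" | tr '\n' ' ')" >&2
        return 1
    fi
    echo "all audited block devices are read-only"
}

# Usage on a live system: audit_write_block   (defaults to /sys)
```

A non-zero return means at least one attached device would accept writes and should not be imaged until that is resolved.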

Tools

CAINE provides software tools that support database, memory, forensic and network analysis. File system image analysis of NTFS, FAT/ExFAT, Ext2, Ext3, HFS and ISO 9660 is possible via the command line and through the graphical desktop. Examination of Linux, Microsoft Windows and some Unix platforms is built-in. CAINE can import disk images in raw and expert witness/advanced file format. These may be obtained by using tools that are included in CAINE or from another platform such as EnCase or the Forensic Tool Kit.

Tools included with the CAINE Linux distribution include: