CAINE 11.0 now released, the Ubuntu-based distro for forensics


The release of the new version of the CAINE 11.0 Linux distribution (Computer Aided INvestigative Environment) was recently announced. CAINE is an Ubuntu-based distribution designed to run in live mode and specialized in forensic analysis: searching for hidden and deleted data on disks, and identifying residual information in order to reconstruct a system image.

The distribution includes tools such as GtkHash, AIR (Automated Image and Restore), ssdeep, HDSentinel (Hard Disk Sentinel), Bulk Extractor, Fiwalk, Byte Investigator, Autopsy, Foremost, Scalpel, Sleuthkit, Guymager and DC3DD.

Also worth noting is the WinTaylor system, developed specifically as part of the project for comprehensive analysis of Windows systems and for generating detailed reports on all detected anomalies.

The distribution also includes a set of helper scripts for the Caja file manager (a fork of Nautilus) that let you run a wide range of checks on a disk partition or directory, view a list of deleted files, and analyze structured content such as browsing history, the Windows registry and EXIF metadata in images.

Although the distribution is based on Ubuntu, it does not ship the GNOME desktop environment; instead it offers a single graphical interface based on the MATE desktop, from which the various utilities for examining Unix and Windows systems are managed.

Main new features of CAINE 11.0

This new version of the distribution is based on Ubuntu 18.04 LTS ("Bionic Beaver") with long-term support, which provides the operating system with the appropriate system updates until April 2023 through the Ubuntu repositories. CAINE 11.0 supports UEFI Secure Boot and ships with Linux kernel 5.0.

Unlike other distributions that are also designed for digital forensics and penetration testing, the current version is highly dependent on applications with a graphical interface to facilitate data reconstruction.

To avoid accidental write operations, all block devices are now mounted read-only by default. To switch a device to write mode, the BlockON utility has been added to the graphical interface.
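As an added illustration of the read-only default described above (this is example code, not part of CAINE or of the original article), the following POSIX shell script audits a `/proc/mounts`-style listing and reports every real block device that is mounted without the `ro` option. It runs against a constructed sample file by default; pass no argument to `writable_block_mounts` to check the live system instead.

```shell
#!/bin/sh
# Added example (not from the CAINE project): find block-device mounts that
# are writable, i.e. the condition a forensic live system must avoid.

# Print "device mountpoint" for every /dev/* mount whose options lack "ro".
# Pseudo-filesystems such as proc, sysfs and tmpfs are skipped.
# Argument: path to a file in /proc/mounts format (default: /proc/mounts).
writable_block_mounts() {
    mounts_file="${1:-/proc/mounts}"
    while read -r dev mnt fstype opts _; do
        case "$dev" in
            /dev/*) ;;          # only real block devices are of interest
            *) continue ;;
        esac
        case ",$opts," in
            *,ro,*) continue ;; # read-only: fine
        esac
        printf '%s %s\n' "$dev" "$mnt"
    done < "$mounts_file"
}

# Succeed (exit 0) only when no block device is mounted writable.
verify_all_ro() {
    [ -z "$(writable_block_mounts "$1")" ]
}

# Constructed sample in /proc/mounts format: one evidence disk (/dev/sdb1)
# has been mounted rw by mistake, the others are read-only.
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/sdb1 /media/evidence ext4 rw,relatime 0 0
/dev/sdc1 /media/case01 ntfs ro,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF

# Stand-alone demo: lists "/dev/sdb1 /media/evidence" and reports the failure.
writable_block_mounts "$SAMPLE_MOUNTS"
if verify_all_ro "$SAMPLE_MOUNTS"; then
    echo "OK: all block devices mounted read-only"
else
    echo "WARNING: writable block device mount found"
fi
```

Note that the `ro` mount option only constrains the filesystem driver; it does not by itself prevent raw writes to the device node. A stricter check is the device-level flag (`blockdev --getro /dev/sdb1` prints `1` when the kernel refuses writes to the whole device), which is the property a write-blocking live environment should also guarantee.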

On the system side, the developers also worked to reduce boot time. New system tools include OSINT utilities (Carbon14, OsintSpy), Autopsy 4.13, a BTRFS forensic tool, NVMe SSD drivers, mobile tooling (gMTP, ADB), Recoll, Afro and Stegosuite.

SSH server has been disabled by default (the man page indicates that it can be re-enabled). SystemBack is now used as the system installer.

It is also noted that the developers included many bug fixes and updates to system components.

Other notable changes:

  • Added the ability to boot with a copy of the boot image loaded into RAM
  • The scrcpy tool is built in to control an Android device (screen mirroring) over USB or TCP/IP
  • Added an X11VNC server for remote administration of CAINE
  • Added the AutoMacTC tool for forensics of macOS-based systems
  • Added the Autotimeliner utility to automatically extract information about user activity from memory dumps
  • Added the Firmwalker firmware analyzer
  • Added the CDQR (Cold Disk Quick Response) utility to extract residual data from floppy disk
  • Added a set of utilities for Windows

Download the new version of CAINE 11.0

Those interested in trying this Linux distro can get the system image from its official website; the bootable ISO image is 4.1 GB. The link is this.

You can write the image to a USB drive with Etcher, a cross-platform tool.

As mentioned at the beginning the system supports live mode, so the system is loaded into RAM.
