Release of CAINE 11.0, a distribution for revealing hidden data

CAINE 11.0 (Computer Aided INvestigative Environment) has been released. It is a specialized Live distribution designed for forensic analysis, searching for hidden and deleted data on disks, and identifying residual information to reconstruct how a system was compromised. The distribution is based on Ubuntu and provides a unified graphical interface based on the MATE desktop to manage a diverse set of utilities for examining Unix and Windows systems. Loading the Live image into RAM is supported. The bootable ISO image is 4.1 GB (x86_64).


The distribution includes tools such as GtkHash, Air (Automated Image & Restore), SSdeep, HDSentinel (Hard Disk Sentinel), Bulk Extractor, fiwalk, ByteInvestigator, Autopsy, Foremost, Scalpel, sleuthkit, guymager and DC3DD. Also worth noting is WinTaylor, a system developed specially within the project for thorough analysis of Windows systems and the generation of detailed reports on all recorded anomalies. The package also includes a selection of helper scripts for the Caja file manager (a fork of Nautilus) that let you perform a wide range of checks on a disk partition or directory, view a list of deleted files, and parse structured content such as browser history, the Windows registry and images with EXIF metadata.


Main innovations:

  • The release is built on the Ubuntu 18.04 package base, supports UEFI Secure Boot and ships with the Linux 5.0 kernel;
  • To prevent accidental writes, all block devices are now mounted read-only by default. To switch a device to writable mode, the BlockON utility is provided in the graphical interface;
  • Reduced loading time;
  • Added the ability to boot by copying the boot image to RAM;
  • New versions of OSINT, Autopsy 4.13, APFS, BTRFS forensic tool;
  • Added support for NVME SSD;
  • The SSH server is disabled by default;
  • Integrated the scrcpy tool for controlling an Android device (screen capture) via USB or TCP/IP;
  • Added X11VNC Server for remote control of CAINE;
  • Added the AutoMacTc tool for forensic analysis of macOS-based systems;
  • Added the Autotimeliner utility to automatically extract information about user activity from memory dumps;
  • Added the Firmwalker firmware analyzer;
  • Added the CDQR (Cold Disk Quick Response) utility to extract residual data from disk images;
  • Added a set of utilities for Windows.

Source: opennet.ru
