Release of CAINE 11.0, a forensics distribution for uncovering hidden data
CAINE 11.0 (Computer Aided INvestigative Environment) has been released. It is a specialized Live distribution built for forensic analysis: searching disks for hidden and deleted data and identifying residual traces in order to reconstruct how a system was compromised. The distribution is based on Ubuntu and provides a single graphical environment, built on the MATE desktop, for managing a diverse set of utilities for examining Unix and Windows systems. The Live image can be loaded entirely into RAM. The bootable ISO image is 4.1 GB (x86_64).
The toolset includes GtkHash, AIR (Automated Image & Restore), ssdeep, HDSentinel (Hard Disk Sentinel), Bulk Extractor, fiwalk, ByteInvestigator, Autopsy, Foremost, Scalpel, The Sleuth Kit, Guymager and dc3dd. Also worth noting is WinTaylor, a system developed within the project for in-depth analysis of Windows systems that generates detailed reports on every anomaly it records. The package further includes a selection of helper scripts for the Caja file manager (a fork of Nautilus) that can run a wide range of checks on a disk partition or directory, list deleted files, and parse structured content such as browser history, the Windows registry and EXIF metadata in images.
Main changes:
The release is built on the Ubuntu 18.04 package base, supports UEFI Secure Boot and ships with the Linux 5.0 kernel;
To prevent accidental writes to evidence, all block devices are now write-blocked (read-only) by default. To switch a device to writable mode, the BlockON utility is offered in the graphical interface;
Reduced boot time;
Added the ability to boot with the Live image copied into RAM;
Updated OSINT tools, Autopsy 4.13, and the APFS and BTRFS forensic tools;
Added support for NVMe SSDs;
The SSH server is disabled by default;
Integrated the scrcpy tool for controlling Android devices (screen mirroring) over USB or TCP/IP;
Added the x11vnc server for remote control of a CAINE session;
Added the AutoMacTc tool for forensic analysis of macOS systems;
Added the Autotimeliner utility, which automatically extracts a timeline of user activity from memory dumps.
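The default write-blocking above is the security-relevant point of this release: the acquisition workflow should refuse to read a device that the kernel still reports as writable, and the resulting image should be verified against the source by hash, which is what dc3dd and Guymager log. The following script is an added example, not code from the CAINE project, showing that logic. It assumes that the device's read-only state is exposed through the `ro` attribute under `/sys/class/block/<dev>/` (the same flag that `blockdev --getro` reports); the `sysfs_root` parameter, the `acquire` function and the constructed device file and sysfs tree used in `demo()` are all inventions for the demonstration.

```python
"""Pre- and post-acquisition checks for a write-blocked source device.
Added example; not part of CAINE. Paths and helpers are assumptions."""
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB read size


def is_write_blocked(dev, sysfs_root="/sys/class/block"):
    """Return True if the kernel flags the block device read-only.

    Reads the `ro` attribute under sysfs (assumption: this is the same
    flag `blockdev --getro` reports). `dev` is a path such as /dev/sdb.
    """
    name = os.path.basename(dev)
    with open(os.path.join(sysfs_root, name, "ro")) as f:
        return f.read().strip() == "1"


def acquire(src, dst, algos=("md5", "sha256"),
            require_write_block=True, sysfs_root="/sys/class/block"):
    """Copy src to dst in chunks, hashing the input stream as it is read,
    then re-read the finished image and check both hash sets agree.

    Returns {algo: hexdigest} for the verified image. Raises RuntimeError
    if the source is writable (when required) or the hashes differ.
    """
    if require_write_block and not is_write_blocked(src, sysfs_root):
        raise RuntimeError(f"{src} is not write-blocked; refusing to acquire")

    src_h = {a: hashlib.new(a) for a in algos}
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(CHUNK), b""):
            for h in src_h.values():
                h.update(chunk)
            fout.write(chunk)
        fout.flush()
        os.fsync(fout.fileno())

    # Independent re-read of the image, as a hash-verify pass does.
    dst_h = {a: hashlib.new(a) for a in algos}
    with open(dst, "rb") as fin:
        for chunk in iter(lambda: fin.read(CHUNK), b""):
            for h in dst_h.values():
                h.update(chunk)

    src_digests = {a: h.hexdigest() for a, h in src_h.items()}
    dst_digests = {a: h.hexdigest() for a, h in dst_h.items()}
    if src_digests != dst_digests:
        raise RuntimeError(f"image hash mismatch: {src_digests} != {dst_digests}")
    return src_digests


def demo():
    """Constructed scenario: a fake 'device' file plus a fake sysfs tree.

    Returns (refused_when_writable, verified_when_blocked).
    """
    with tempfile.TemporaryDirectory() as tmp:
        dev = os.path.join(tmp, "sdz")
        with open(dev, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 123))  # deliberately not chunk-aligned
        sysfs = os.path.join(tmp, "sys")
        os.makedirs(os.path.join(sysfs, "sdz"))
        ro_attr = os.path.join(sysfs, "sdz", "ro")

        # 1. Device still writable: acquisition must refuse.
        with open(ro_attr, "w") as f:
            f.write("0\n")
        refused = False
        try:
            acquire(dev, os.path.join(tmp, "a.dd"), sysfs_root=sysfs)
        except RuntimeError:
            refused = True

        # 2. Device write-blocked: acquisition succeeds and verifies.
        with open(ro_attr, "w") as f:
            f.write("1\n")
        digests = acquire(dev, os.path.join(tmp, "b.dd"), sysfs_root=sysfs)
        with open(dev, "rb") as f:
            expected = hashlib.sha256(f.read()).hexdigest()
        return refused, digests["sha256"] == expected


if __name__ == "__main__":
    print(demo())
```

On a real CAINE session, confirm the state with `blockdev --getro /dev/sdX` rather than relying on the sysfs attribute alone, and prefer the distribution's own acquisition tools (Guymager, dc3dd), which record the hashes in their logs; the script only shows the checks those tools perform.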