The release of CAINE 11.0 (Computer Aided INvestigative Environment), a specialized Live distribution designed to conduct forensic analysis, search for hidden and deleted data on disks and identify residual information to restore the picture of a hacking system, was released. The distribution is based on Ubuntu and is equipped with a single graphical interface based on the MATE shell for managing a set of diverse utilities for exploring Unix and Windows systems. It supports loading a live image into RAM. The bootable iso image size is 4.1 GB (x86_64).

The composition includes tools such as GtkHash, Air (Automated Image & Restore), SSdeep, HDSentinel (Hard Disk Sentinel), Bulk Extractor, Fiwalk, ByteInvestigator, Autopsy, Foremost, Scalpel, Sleuthkit, Guymager, DC3DD. It is also worth noting the WinTaylor system specially developed as part of the project for a thorough analysis of Windows-systems and the generation of detailed reports on all recorded anomalies. The composition also includes a selection of auxiliary scripts for the Caja file manager (Nautilus fork) that allow you to perform a wide range of checks on a disk partition or directory, as well as view a list of deleted files and parse structured content such as browsing history, Windows registry, metadata images EXIF

Key innovations:

  • The release is built on the Ubuntu 18.04 package base, supports UEFI Secure Boot, and ships with the Linux 5.0 kernel;
  • To prevent accidental write operations, all block devices are now mounted by default in read-only mode. To transfer to recordable mode, the BlockON utility is proposed in the graphical interface;
  • Reduced loading time;
  • Added the ability to boot with a copy of the boot image in RAM;
  • New versions of OSINT, Autopsy 4.13, APFS, BTRFS foresic tool;
  • Added support for NVME SSD;
  • By default, the SSH server is disabled;
  • The scrcpy tool is integrated to control an Android device (screen capture) via USB or TCP / IP;
  • Added X11VNC Server for remote CAINE management;
  • AutoMacTc tool for forensic analysis of macOS-based systems added;
  • Added Autotimeliner utility for automatically extracting information about user activity from memory dumps;
  • Added firmware analyzer Firmwalker;
  • Added CDQR (Cold Disk Quick Response) utility for extracting residual data from disk images;
  • Added a set of utilities for Windows.


Source link

Register at Binance