CAINE (Computer Aided INvestigative Environment) is a GNU/Linux Live CD distribution created by Giancarlo Giustini as a project of Digital Forensics for Interdepartment Center for Research on Security (CRIS), supported by the University of Modena and Regg

The project does not aim to propose “yet another forensic tool” or a framework for collecting open source programs, because many forensic distributions already exist (e.g., Helix, FCCU, Deft). The CAINE forensic framework contains a collection of tools wrapped up into a user friendly environment. Furthermore introduces novel important features; it aims to fill the interoperability gap across different forensic tools, it provides a homogeneous GUI that guides digital investigators during the acquisition and analysis of electronic evidence, and it offers a semi-automatic process for the documentation and report compilation.

The CAINE distribution offers all the main commodities of a typical Ubuntu desktop: easy-to-use environment, highly customizable architecture, reliable interfaces and a enhanced packed-oriented software distribution system.
The GNOME desktop offers a well known and efficient graphical environment to the digital investigator.

The installation process is automatable and is implemented through a series of shell scripts.

The wrapper is written in Perl and manages the forensic process from the digital evidence collection to the semi-automatic report compilation. It is embedded into a customized Linux-based operating system, that is built from the standard version of Ubuntu Linux 8.04.

The operating system was modified from a minimal Ubuntu installation for a twofold use: it can be booted into a PC under investigation as a liveCD; it can be installed into a forensic laboratory PC as a permanent operating system. After the installation of all accessory modules, the liveCD distribution is created through a reliable backup program (Remastersys) that automatically builds up a live distribution from the installed Ubuntu version and stored files.

Here are some key features of "CAINE":

· Interoperable environment that supports the digital investigator during the entire analysis process.
· Caine Interface, a user friendly GUI.
· Ubuntu-like easy installation on a forensic workstation.
· Semi-automated compilation of the final report.

What's New in This Release: [ read full changelog ]

· - WinTaylor, forensic frontend for Windows environment
· - Html page IE-compatible to run the forensic tools in Windows
· - Ntfs-3g updated to 2009.1.1 (resolve a ntfs-3g bug)
· - New boot option: text mode.
· - Ubuntu 8.04 packages updated
· - Firefox 3.0.6
· - Gtkhash, frontend for hashing files
· - New reporting features: investigators and case name added
· - Multi-language report: italian, english, german, french and portuguese
· - Firefox starts with the list of tools and a brief utilization manual.

DOWNLOAD