CAINE release 10.0, the distribution to detect hidden data

Релиз CAINE 10.0, дистрибутива для выявления скрытых данных

Saw the light of release 10.0 CAINE (Computer Aided INvestigative Environment), a specialized Live distribution designed for forensic analysis, finding hidden and deleted data on disks and detect residual information to reconstruct the system hack. The distro is based on Ubuntu and is equipped with a single GUI-based shell MATE to manage a collection of diverse utilities for the study. Supported download of Live image to RAM. Unix and Windows systems. The size of the boot iso image of 3.6 GB (x86_64).

Includes tools such as GtkHash, Air (Automated Image & Restore), SSdeep, HDSentinel (Hard Disk Sentinel), Bulk Extractor, Fiwalk, ByteInvestigator, Autopsy, Foremost, Scalpel, Sleuthkit, Guymager, DC3DD. Also worth noting is specially designed in the framework of the project system WinTaylor for a thorough analysis of Windows systems, and generate detailed reports on all detected anomalies. The structure also includes a collection of helper scripts for file Manager Caja (fork of Nautilus), which allow you to perform a wide range of checks, disk partition or directory and view a list of deleted files and parse structured content, such as your browser histories, the Windows registry, images with EXIF metadata.

The main innovations:

  • The release is built on a batch basis Ubuntu 18.04 comes with the Linux kernel 4.15.

  • Included new utilities RBFstab (safe mounting partitions during boot in read-only mode ) and Mounter (GUI for mounting partitions).

  • All block devices (such as /dev/sda) now are mounted in read-only mode, to transfer in write mode use the utility BlockON/OFF on the desktop or GUI Mounter.

  • Included in the packages Recoll, Afro, Stegosuite and utility, gMTP and ADB to communicate with a mobile device.

  • Updated OSINT framework and present new tools based on it and Carbon14 OsintSpy.

  • The Autopsy platform is upgraded to release 4.9.

  • Added tools for forensic analysis of partitions with BTRFS.

  • Added support for NVME SSD drives.

  • Disabled by default the SSH server.

Релиз CAINE 10.0, дистрибутива для выявления скрытых данных

Релиз CAINE 10.0, дистрибутива для выявления скрытых данных

According to the materials: