martedì 19 marzo 2013

CAINE (Computer Aided INvestigative Environment) è una distribuzione GNU/Linux italiana creata come progetto di 'Digital Forensics'.

Maria Susana Diaz | 10:09 |
caineCAINE (Computer Aided INvestigative Environment) è una distribuzione GNU/Linux italiana creata come progetto di 'Digital Forensics'. CAINE offre un completo ambiente organizzato per integrare software e tools utilizzabili tramite un'interfaccia grafica.

Il principale obiettivo di CAINE è quello di dare un ambiente di supporto alle investigazioni digitali.
E' possibile utilizzare questa distribuzione all'interno di Windows senza dover fare il boot, semplicemente inserendo la pendrive e installando nel sistema operativo il file .EXE WinTaylor.

In questo modo è possibile utilizzare gli strumenti di CAINE senza dover chiudere Windows.
Autore progetto: Giovanni Bassetti.
Aggiornamento:
CAINENanni Bassetti has announced the release of CAINE 4.0, an Ubuntu-based distribution with specialist utilities for forensic analysis and penetration testing: "CAINE and NBCAINE 4.0 'Pulsar' are out. Changelog: Linux kernel 3.2, LibreOffice 4.0.1, Sqliteman, remote file system mounter, sdparm, netdiscover, NirSoft Launcher with FTK imager and sysinternals tools, new RBFstab and Mounter. Rbfstab is a utility that is activated during boot or when a device is plugged in. It writes read-only entries to /etc/fstab so devices are safely mounted for forensic imaging and examination. It is self installing with 'rbfstab -i' and can be disabled with 'rbfstab -r'. It contains many improvements over past rebuildfstab incarnations. Rebuildfstab is a traditional means for read-only mounting in forensics-orient distributions." Visit the project's home page to read the complete changelog and to see some screenshots. Download link: caine4.0.iso (1,727MB, MD5).
Ultime versione pubblicate:
• 2013-03-18: Distribution Release: CAINE 4.0
• 2012-10-03: Distribution Release: CAINE 3.0
• 2011-09-19: Distribution Release: CAINE 2.5
• 2010-09-14: Distribution Release: CAINE 2.0
• 2009-11-01: Distribution Release: CAINE 1.0

Software incluso:
ADDED (Caine 4.0):
LibreOffice 4.0.1
Sqliteman
Sdparm
Remote Filesystem Mounter
netdiscover
ADDED (Caine 3.0)
iphonebackupanalyzer
exiftool phil harvey
tcpflow
tshark
john
wireshark
firefox
vinetto
mdbtool
gdisk
LVM2
tcpdump
Mobius
QuickHash
SQLiteBrowser
FRED
docanalyzer
nerohistanalyzer
knowmetanalyzer
PEFrame
grokEVT
zenmap (nmap)
blackberry tools
IDevice tools
-----------------------------------------------------------
AIR 2.0.0
Stands for Automated Image and Restore
AIR is a GUI front-end to dd and dc3dd designed for easily creating forensic bit images. Double hash.
-----------------------------------------------------------
Abiword
AbiWord is a free word processing program similar to Microsoft® Word. It is suitable for a wide variety of word processing tasks.
-----------------------------------------------------------
Autopsy
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).
Conduct File Listing, View File Content, Compare files in user created or downloaded Hash Databases, File Type Sorting by internal signatures, Create a Timeline of File Activity, conduct Keyword Searches, File System Meta Data Analysis, Data Unit (File Content) Analysis in multiple formats, File System Image Details: Case Management of one or more host computers, Event Sequencer allows you to add time-based events from other systems (ie firewall/ids logs), Notes about case, Image Integrity verification, Report Creation, Audit Logging of investigation,
-----------------------------------------------------------
Afflib
The Advanced Forensics Format (AFF) is an extensible open format for the storage of disk images and related forensic metadata. AFF is an open and extensible file format to store disk images and associated metadata. Using AFF, the user is not locked into a proprietary format that may limit how he or she may analyze it. An open standard enables investigators to quickly and efficiently use their preferred tools to solve crimes, gather intelligence, and resolve security incidents.
-----------------------------------------------------------
Ataraw
Linux user-level ATA raw command utility
-----------------------------------------------------------
AtomicParsley
AtomicParsley is a lightweight command line program for reading, parsing and setting metadata into MPEG-4 files
-----------------------------------------------------------
BBT.py
BBthumbs.dat parser (for BlackBerry)
-----------------------------------------------------------
Bkhive
bkhive is a tool to extract the Windows System-key that is used to encrypt the hashes of the userpasswords.
-----------------------------------------------------------
Bloom
NPS Bloom filter package (includes frag_find)
-----------------------------------------------------------
ByteInvestigator
A suite of bash scripts by Tony Rodriguez
----------------------------------------------------------
Bulk Extractor
Bulk Email and URL extraction tool
-----------------------------------------------------------
Cryptcat
Cryptcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol while encrypting the data being transmitted. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.
-----------------------------------------------------------
Chntpw
This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista etc system. There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.
-----------------------------------------------------------
Epiphany
Web Browser
-----------------------------------------------------------
Disk Utility
Disk manager
-------------------------------------------------------------
DMIDecode
reports information about your system's hardware as described in your system
BIOS according to the SMBIOS/DMI standard
-----------------------------------------------------------
dos2unix
dos2unix - DOS/MAC to UNIX text file format converter
-----------------------------------------------------------
Ddrescue
ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
-----------------------------------------------------------
Dcfldd
dcfldd is an enhanced version of GNU dd with features useful for forensics and security. dcfldd can hash the input data as it is being transferred, helping to ensure data integrity, verify that a target drive is a bit-for-bit match of the specified input file or pattern, output to multiple files or disks at the same time, split output to multiple files with more configurability than the split command, send all its log data and output to commands as well as files natively.
-----------------------------------------------------------
dc3dd
dc3dd is a patched version of GNU dd to include a number of features useful for computer forensics. Many of these features were inspired by dcfldd, but were rewritten for dc3dd.
dc3dd can write a single hexadecimal value or a text string to the output device for wiping purposes. Piecewise and overall hashing with multiple algorithms and variable size windows. Supports MD5, SHA-1, SHA-256, and SHA-512. Hashes can be computed before or after conversions are made. Progress meter with automatic input/output file size probing. Combined log for hashes and errors. Error grouping. Produces one error message for identical sequential errors. Verify mode. Able to repeat any transformations done to the input file and compare it to an output. Ability to split the output into chunks with numerical or alphabetic extensions.
-----------------------------------------------------------
Dvdisaster
dvdisaster stores data on CD/DVD/BD (supported media) in a way that it is fully recoverable even after some read errors have developed. This enables you to rescue the complete data to a new medium.
-----------------------------------------------------------
Exif
The Exchangeable image file format (Exif) is an image file format which adds or reveals lots of metadata to or from existing image formats, mainly JPEG.
-----------------------------------------------------------
Foremost
Foremost is a console program to recover files based on their headers, footers, and internal data structures. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.
-----------------------------------------------------------
FileInfo
Jpeg and P32 analyzer
-----------------------------------------------------------
FiWalk
File and Inode Walk Program
-----------------------------------------------------------
Fundl 2.0
This is a selective deleted file retriever with HTML reporting. It is TSK based.
-----------------------------------------------------------
FKLook
This script can be used to search for a keyword in many files and it copies only the files that have a matching keyword to a separate directory of your choosing.
-----------------------------------------------------------
Fod
FOD stands for Foremost output divide. This is a script for splitting foremost output directories contents into subdirectories with a defined number of files for each type of format file.
-----------------------------------------------------------
Fatback
A program for recovering files from FAT file systems.
-----------------------------------------------------------
GCalcTool
'gcalctool' is the desktop calculator.
-----------------------------------------------------------
Geany
Geany is a text editor.
-----------------------------------------------------------
Gparted
The GParted application is a partition editor for creating, reorganizing, and deleting disk partitions.
-----------------------------------------------------------
gtk-recordmydesktop
recordMyDesktop is a desktop session recorder that attempts to be easy to use, yet also effective at it's primary task.
-----------------------------------------------------------
Galleta
Galleta is an Internet Explorer Cookie Forensic Analysis Tool. Galleta was developed to examine the contents of the cookie files. Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program.
-----------------------------------------------------------
Gtkhash
A GTK+ utility for computing message digests or checksums using the mhash library. Currently supported hash functions include MD5, SHA1, SHA256, SHA512, RIPEMD, HAVAL, TIGER and WHIRLPOOL.
-----------------------------------------------------------
Guymager
guymager is a forensic imager for media acquisition.
-----------------------------------------------------------
HDSentinel
Monitoring hard disk health and temperature. Test and repair HDD problems and predict failures. Prevent data loss by automatic and scheduled backup
-----------------------------------------------------------
Hex Editor (Ghex)
GHex - a hex editor for GNOME
GHex allows the user to load data from any file, view and edit it in either hex or ascii.
-----------------------------------------------------------
HFSutils
HFS is the “Hierarchical File System,” the native volume format used on modern Macintosh computers. hfsutils is the name of a comprehensive software package being developed to permit manipulation of HFS volumes from UNIX and other systems.
LRRP
LRRP is a bash script for gathering information on the devices you need to acquire for making a forensic image file.
-----------------------------------------------------------
Libewf
Libewf is a library for support of the Expert Witness Compression Format (EWF), it support both the SMART format (EWF-S01) and the EnCase format (EWF-E01). Libewf allows you to read and write media information within the EWF files.
-----------------------------------------------------------
Lnk-parse
This is a perl script for parsing the *.lnk files
-----------------------------------------------------------
lnk.sh
Analysis of Windows LNK files
-----------------------------------------------------------
Log2Timeline
log2timeline, a framework for automatic creation of a super timeline. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a timeline that can be analysed by forensic investigators/analysts.
-----------------------------------------------------------
liveusb
-----------------------------------------------------------
mork.pl
This is a perl script for reading firefox history data
-----------------------------------------------------------
MC
The Midnight Commander useful for text only boot.
-----------------------------------------------------------
MD5deep
md5deep is a cross-platform set of programs to compute MD5, SHA-1, SHA-256, Tiger, or Whirlpool message digests on an arbitrary number of files. md5deep is able to recursive examine an entire directory tree. md5deep can accept a list of known hashes and compare them to a set of input files and more.
-----------------------------------------------------------
md5sum
md5sum - compute and check MD5 message digest
-----------------------------------------------------------
Nautilus Scripts
Live Preview Nautilus scripts...they do many things.
-----------------------------------------------------------
NBTempo
Timeline maker GUI
-----------------------------------------------------------
ntfs-3g
NTFS-3G is a stable read/write NTFS driver for Linux, Mac OS X, FreeBSD, NetBSD, OpenSolaris, QNX, Haiku, and other operating systems. It provides safe and fast handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 file systems.
-----------------------------------------------------------
Offset_Brute_Force
This shell script will brute force the partition offset looking for a hidden partition and try to mount it.
-----------------------------------------------------------
Pasco
Pasco is an Internet Explorer activity forensic analysis tool. Pasco was developed to examine the contents of Internet Explorer's cache files. Pasco will parse the information in an index.dat file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program.
-----------------------------------------------------------
Photorec
PhotoRec recovers files from the unallocated space using file type-specific header and footer values.
-----------------------------------------------------------
Read_open_xml
Read MS Office metadata
-----------------------------------------------------------
Reglookup
RegLookup is an small command line utility for reading and querying Windows NT-based registries. Currently the program allows one to read an entire registry and output it in a (mostly) standardized, quoted format. It also provides features for filtering of results based on registry path and data type.
-----------------------------------------------------------
Rifiuti
Rifiuti is a Recycle Bin Forensic Analysis Tool. Rifiuti was developed to examine the contents of the INFO2 file in the Recycle Bin. Rifiuti will parse the information in an INFO2 file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program.
-----------------------------------------------------------
Rifiuti2
As its name indicates, rifiuti2 is a rewrite of rifiuti, Rifiuti (last updated 2004) is restricted to English version of Windows (fail to analyze any non-latin character), thus this rewrite. It also Supports Windows file names in any languages, Supports Vista and Windows 2008 “$Recycle.Bin” (no more uses INFO2 file), Enables localization (that is, translatable) by using glib, More rigorous error checking, Supports output in XML format.
-----------------------------------------------------------
Readpst
readpst converts PST (MS Outlook Personal Folders) files to mbox and other formats.
-----------------------------------------------------------
Scalpel
Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions.
-----------------------------------------------------------
SQLJuicer
Perl script - tool that list database CRUD transactions, parsing SQL Server Transactions log entities
-----------------------------------------------------------
SFDumper 2.2
SFDumper is a selective file retriever, it works on active, deleted and carved files. It can do a keyword search among the files retrieved. It is TSK based.
-----------------------------------------------------------
SSDeep
ssdeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes.
-----------------------------------------------------------
SSHFS ans SMBFS
-----------------------------------------------------------
Stegbreak
Tool for extracting steganographic content in images.
------------------------------------------------------------
Storage Device Manager
Another GUI mount manager.
------------------------------------------------------------
Smartmontools
The smartmontools package contains two utility programs (smartctl and smartd) to control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA and SCSI harddisks. In many cases, these utilities will provide advanced warning of disk degradation and failure.
Smartmontools… automatically reports and highlights any anomalies; allows enabling/disabling SMART; allows enabling/disabling Automatic Offline Data Collection - a short self-check that the drive will perform automatically every four hours with no impact on performance; supports configuration of global and per-drive options for smartctl; performs SMART self-tests; displays drive identity information, capabilities, attributes, and self-test/error logs; can read in smartctl output from a saved file, interpreting it as a read-only virtual device; works on most smartctl-supported operating systems; has extensive help information.
-----------------------------------------------------------
sha256sum
sha256sum - compute and check SHA256 message digest
-----------------------------------------------------------
Steghide
Steghide is a steganography program that is able to embed or extract data in various kinds of image- and audio-files.
-----------------------------------------------------------
Shred
shred - delete a file securely, first overwriting it to hide its contents
-----------------------------------------------------------
sha512sum
sha512sum - compute and check SHA512 message digest
-----------------------------------------------------------
Testdisk
TestDisk was primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing a partition table).
-----------------------------------------------------------
TheSleuthKit
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. Autopsy is a frontend for TSK which allows browser-based access to the TSK tools.
-----------------------------------------------------------
TSK_Gui
Another Sleuthkit GUI
-----------------------------------------------------------
Tigerdeep
tigerdeep - Computer Tiger message digests
-----------------------------------------------------------
Tableau-Parm
tableau-parm is an small commandline utility designed to interact with Tableau forensic write blockers. It performs functions similar to the Tableau Disk Monitor, except that it operates under select UNIX platforms.
-----------------------------------------------------------
Tkdiff
tkdiff is a graphical front end to the diff program. It provides a side-by-side view of the differences between two files, along with several innovative features such as diff bookmarks and a graphical map of differences for quick navigation.
-----------------------------------------------------------
Userassist
This is a perl script offline parser for the “UserAssist” registry key.
-----------------------------------------------------------
VLC
VLC media player is a highly portable multimedia player and multimedia framework capable of reading most audio and video formats (MPEG-2, MPEG-4, H.264, DivX, MPEG-1, mp3, ogg, aac ...) as well as DVDs, Audio CDs VCDs, and various streaming protocols.
-----------------------------------------------------------
Whirpooldeep
Compute Whirlpool message digests
-----------------------------------------------------------
Wipe
Wipe is a secure file wiping utility.
-----------------------------------------------------------
Xhfs
xhfs presents a graphical front-end for browsing and copying files on HFS-formatted volumes.
-----------------------------------------------------------
Xdeview
XDeview is a smart decoder for attachments that you have received in encoded form via electronic mail or from the usenet.
-----------------------------------------------------------
XNView
Image viewer
-----------------------------------------------------------
XMount and XMount-Gui
Virtual file systems creator
-----------------------------------------------------------
XSteg
GUI stegdetect interface
-----------------------------------------------------------
Screenshots.
 




Trovato questo articolo interessante? Condividilo sulla tua rete di contatti in Twitter, sulla tua bacheca su Facebook, in Linkedin, Instagram o Pinterest. Diffondere contenuti che trovi rilevanti aiuta questo blog a crescere. Grazie!

LINKEDIN