- an interoperable environment that supports the digital investigator during the four phases of the digital investigation
- a user-friendly graphical interface
- user-friendly tools
The important news is CAINE 11.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on CAINE’s Desktop.
This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.
If you need to write a disk, you can unlock it with BlockOn/Off or using “Mounter” changing the policy in writable mode.
CAINE is always more fast during the boot.
CAINE 11.0 can boot to RAM (toram).
IMPORTANT CHANGES:
- All devices are blocked in Read-Only mode, by default.
- New tools, new OSINT, Autopsy 4.13 onboard, APFS ready,BTRFS forensic tool, NVME SSD drivers ready!
- SSH server disabled by default (see Manual page for enabling it).
- SCRCPY – screen your android device
- Autopsy 4.13 + additional plugins by McKinnon.
- X11VNC Server – to control CAINE remotely.
- hashcat
- NEW SCRIPTS (Forensics Tools – Analysis menu)
- AutoMacTc – a forensics tool for Mac.
- Bitlocker – volatility plugin
- Autotimeliner – Automagically extract forensic timeline from volatile memory dumps.
- Firmwalker – firmware analyzer.
- CDQR – Cold Disk Quick Response tool
- many others fixing and software updating.