If something characterizes Linux distributions, it is that we can always find one that suits our needs, whatever they may be. Digital forensics and the auditing of networks and equipment have become an important part of security work. If we want to avoid problems and be sure that our data, our Wi-Fi and our information are properly protected, it is worth having software of this type at hand, and Linux makes that easy thanks to CAINE.
What is CAINE Linux
CAINE Linux, an acronym for "Computer Aided INvestigative Environment", is an Ubuntu-based distro specially designed to help and guide us through all the stages of a professional forensic investigation, from the preservation and collection of evidence to the examination and analysis of data. The distro was originally created in Italy and is a favorite of security experts and investigators of all kinds.
This distro provides a complete Linux environment that integrates all kinds of existing tools behind a friendly, easy-to-use graphical interface from the first moment. Everything that makes up the distro is open source, both the operating system itself and all the tools it ships with.
The distro is designed to work without problems on any type of computer, with either BIOS or UEFI firmware, and it can even be started on PCs that have Secure Boot enabled. The only requirement for recent versions of this tool suite is a 64-bit CPU, since they no longer ship a 32-bit (x86) image; older 32-bit ISOs remain on the download page.
This Linux distro provides us with a large number of tools and programs as standard, in addition to being able to install everything we want additionally just like in any other system.
The distro includes tools for analyzing everything from databases to memory cards, hard drives and networks. It supports the main communication standards and all the common file systems, such as FAT, FAT32, exFAT, NTFS, HFS/HFS+ and ext, and it can also analyze Windows memory (RAM) dumps and work with raw images of drives and disks.
Of course, in this Linux we will find well-known programs, such as a terminal or Firefox . But, in addition, some of the most important tools that we can find in it are:
- Autopsy: graphical interface for The Sleuth Kit, one of the essential toolkits in digital forensics.
- RegRipper: extracts and displays information from Windows Registry hive files.
- Tinfoleak: OSINT tool for auditing Twitter accounts.
- Wireshark: the terror of networks. It captures every packet that passes through our network so that we can inspect all the information traveling over it.
- TestDisk and PhotoRec: two tools that go hand in hand. TestDisk recovers lost partitions and repairs boot sectors, and PhotoRec carves deleted or otherwise inaccessible files out of disks and drives.
- Fsstat: shows the file system details of any image or storage device.
- AtomicParsley: simple, lightweight program for reading or writing metadata in MPEG-4 files.
- Cryptcat: a netcat variant with Twofish encryption, for reading or injecting data over TCP or UDP connections.
- Ddrescue: copies data off failing or inaccessible drives, retrying bad sectors so that as much as possible is recovered.
- Geany: lightweight text editor.
- HDSentinel: checks the health and temperature of a hard disk.
- Md5deep: computes and verifies MD5, SHA-1, SHA-256, Tiger or Whirlpool hashes of any file or whole directory tree.
- Offset_Brute_Force: script that brute-forces partition offsets in a disk or image to find hidden partitions and mount them.
- Shred: securely overwrites files so that they cannot be recovered.
- AutoMacTC: automated triage collection on macOS computers.
- BitLocker support: allows access to partitions encrypted with Microsoft's BitLocker.
- Firmwalker: script that searches an extracted firmware file system for sensitive material such as passwords, keys and configuration files.
All programs are correctly classified and ordered according to their purpose. In addition, we can launch them from the application menu itself, so we do not have to memorize their names.
Download CAINE Linux
This Linux distro is, of course, completely free. Any interested user can download it free of charge from the project's download page, which lists every version released to date, from CAINE 1.0 to the latest one, including the older ISO images for those who need to boot a 32-bit system. What we will not find are images for ARM, since the system does not run on the architectures typical of boards like the Raspberry Pi.
Its developers publish the MD5 and SHA-1 checksums for each image. They recommend checking that the hash of the downloaded file matches the published value, which confirms that the download is complete and has not been altered in transit. Bear in mind that a checksum only proves authenticity if it was read from the project's own page over HTTPS and not from the same mirror that served the file.
The system is designed to boot from a USB drive. Once downloaded, on Windows we can use Rufus to write the image to the drive, which must be at least 8 GB.
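The same verification and USB-writing steps from a Linux machine, as an added example that is not part of the original article or the CAINE project: a POSIX shell script that recomputes the hash with the coreutils md5sum/sha1sum/sha256sum tools, compares it with the published value, and only then writes the image with dd. The ISO name, device name and hash value in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: verify a downloaded CAINE ISO against the checksum published
# on the download page, then write it to a USB drive. Not CAINE project code.
# File names, device names and hash values shown in comments are placeholders.

# verify_iso FILE ALGO EXPECTED
#   ALGO is md5, sha1 or sha256. Prints the result and returns 0 on a match,
#   1 on a mismatch and 2 when the file cannot be read or ALGO is unknown.
verify_iso() {
    iso=$1
    algo=$2
    # Published checksums are sometimes upper-case; normalise before comparing.
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    [ -r "$iso" ] || { echo "cannot read $iso" >&2; return 2; }

    case "$algo" in
        md5)    actual=$(md5sum    "$iso" | cut -d' ' -f1) ;;
        sha1)   actual=$(sha1sum   "$iso" | cut -d' ' -f1) ;;
        sha256) actual=$(sha256sum "$iso" | cut -d' ' -f1) ;;
        *)      echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac

    if [ "$actual" = "$expected" ]; then
        echo "OK   $algo($iso) = $actual"
        return 0
    fi
    echo "FAIL $algo($iso)" >&2
    echo "     expected $expected" >&2
    echo "     got      $actual" >&2
    return 1
}

# write_usb FILE DEVICE
#   Writes the verified image to the whole USB device (e.g. /dev/sdb, not
#   /dev/sdb1). Refuses to run unless DEVICE is a block device. Everything on
#   the device is overwritten, so identify the target with lsblk first.
write_usb() {
    iso=$1
    dev=$2
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 2; }
    dd if="$iso" of="$dev" bs=4M conv=fsync status=progress && sync
}

# Usage (placeholder names; replace with the real ISO name, the device and the
# value copied from the download page):
#   verify_iso caine.iso sha1 0123456789abcdef0123456789abcdef01234567 \
#       && write_usb caine.iso /dev/sdX
```

The `&&` between the two calls is the point of the script: nothing is written unless the hash matched, and the `[ -b ]` guard stops a typo in the device name from silently creating a multi-gigabyte file instead of a bootable drive.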
Although it is one of the most complete distributions we can find, it is by no means the only one. On the web we can find a wide variety of Linux distros for forensic analysis and ethical hacking so that each user can choose the one that best suits their tastes or needs.
Kali Linux
Without a doubt the best known of all. Formerly known as BackTrack, this Debian-based Linux offers a large number of programs and tools for carrying out all kinds of security work. It is usually one of the most innovative distros: it can imitate the appearance of Windows so as not to raise suspicions, and it can even run inside the Windows Subsystem for Linux.
A must-have that every ethical hacker should have on hand that we can download from their website .
Parrot OS
Also based on Debian, this Linux distro is cloud-oriented and designed for all kinds of security and penetration testing. Thanks to its MATE desktop and its stable kernel we can perform network forensic analysis or, why not, work anonymously. It is available for 32-bit and 64-bit systems and even for ARM, which allows us to install it on a single-board computer.
We can download this alternative distro from its main page .