| Line 1: |
Line 1: |
| − | {{Infobox_Software |
| + | New to data recovery |
| − | name = CAINE Live CD |
| + | |
| − | maintainer = [[CAINE Project]] |
| + | |
| − | os = {{Linux}} |
| + | |
| − | genre = {{Live CD}} |
| + | |
| − | license = {{GPL}}, others |
| + | |
| − | website = [http://www.caine-live.net/] |
| + | |
| − | }}
| + | |
| − | | + | |
| − | '''CAINE Live CD''' (Computer Aided Investigative Environment) is a forensic [[Live CD]] built on top of Ubuntu.
| + | |
| − | == CAINE 1.5 ==
| + | |
| − | As of December 2009, the current version of [http://www.caine-live.net/ Caine] is 1.5. According to documentation, it is based on [http://releases.ubuntu.com/8.04/ Ubuntu 8.04]. Unlike the [[Helix]] project, Caine is free, freely redistributable, and open-source. CAINE 1.5 supports the Oxford 934dsb SATA chipset, used in (among other devices) the Voyager Q SATA dock from Newer Technologies.
| + | |
| − | | + | |
| − | == Forensic Issues ==
| + | |
| − | | + | |
| − | * CAINE Live CD versions before 1.0 will automount [[Ext3]] file systems during the boot process and recover them if required (bug in ''initrd'' scripts);
| + | |
| − | * '''Caine Live CD Version 1.0 introduced new mounting policies''':
| + | |
| − | | + | |
| − | - The mounting policy for any internal or external devices adopted by CAINE: never mount automatically any device and when the user clicks on the device icon the system will mount it in read-only mode on a read-only loopback device.
| + | |
| − | | + | |
| − | - If a user decides to mount a device via terminal, he can use the “mount” command but all the mount options must be specified.
| + | |
| − | | + | |
| − | - The ext3 driver will be ignored when ext3 file systems are mounted and the ext2 driver used instead. This protects any ext3 file systems from a forensic point-of-view. Ext2 does not use journaling, so when an ext3 partition is mounted, there is no danger of modifying the journal metadata.
| + | |
| − | | + | |
| − | - Applying a special patch CAINE team fixed the bug that changed the journal of the ext3 file systems when the computer was switched off without by pulling the plug.
| + | |
| − | | + | |
| − | - Fixed in the fstab: forbidding the auto-mounting of the MMCs and put a control for the "exotic names" like /dev/sdad1.
| + | |
| − | | + | |
| − | - If the user wants to mount and write on an NTFS media should instead use the "ntfs-3g" command (e.g., $ sudo ntfs-3g /dev/sda1 /media/sda1).
| + | |
| − | | + | |
| − | # ntfs-3g /device-path /your-mount-point
| + | |
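Review bot: This edit should be reverted, because the only text it adds is the fragment "New to data recovery" on line 1, followed by blank lines, while every removed line is substantive article content. The removed lines include the infobox, the CAINE 1.5 section and the whole Forensic Issues list, which is the part an examiner relies on: the automount and recovery of Ext3 file systems in versions before 1.0, the read-only mount policy introduced in 1.0, the use of the ext2 driver for ext3 file systems, and the ntfs-3g note for writable NTFS mounts. Nothing in the added line replaces or updates any of that. If the intent was to point newcomers at introductory material, that belongs on a separate page or as a link added alongside the existing text, not in place of it.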