Piotr Błaszczeć

Saturday, 13 December 2008 20:11

CAINE (Computer Aided INvestigative Environment) is a live CD distribution based on GNU/Linux. It was created by an Italian team of experts led by Giancarlo Giustini as a Digital Forensics project for the Interdepartment Center for Research on Security (CRIS), with very strong support from the University of Modena and Reggio Emilia.
The package includes applications such as:
- Grissom Analyzer. Set of tools for device analysis: mmls, fsstat, img_stat and LRRP, a bash script for gathering information on the devices you need to acquire for making a forensics image file.
- Automated Image & Restore (AIR). An open source application that provides a GUI front-end to dd/dcfldd. It supports MD5/SHAx hashes, SCSI tape drives, imaging over a TCP/IP network, splitting images, and detailed session logging. The CAINE interface implements a modified version of AIR to meet software integration and usability requirements.
- Guymager. A fast and most user friendly forensic imager. It is based on libewf and libguytools.
- Foremost and Scalpel. Foremost and Scalpel are data carving programs that recover files based on their headers, footers, and internal data structures. We provide both tools and let the digital investigator decide about the one to use. Scalpel is a modified and better version of Foremost 0.69, and works directly on a drive or on image files, such as those generated by dd, Safeback, Encase. Both programs are provided with a tailored interface that allows multiple windows for input/output selection and direct access to the user/help manual.
- Autopsy 2.20 and TSK 3.0. The Autopsy Forensic Browser is a graphical interface for TheSleuthKit tools that are originally based on command lines. They allow a digital investigator to analyze Windows and UNIX disks, and file systems such as NTFS, FAT, UFS1/2, Ext2/3. CAINE maintains the same browser-like interface of Autopsy, but it controls output production and report generation.
- SFDumper. It is a useful tool based on TSK 3.0 and written in BASH script. It can retrieve in a very fast way all the files (referenced, deleted and unallocated) of the file type chosen.
- Fundl. Simple script for recovery of deleted files.
- Stegdetect. It is an open source tool for steganography that is useful to discover hidden information in stored images. We create a GUI for the command and we also insert Xsteg, as an alternative graphical front-end.
- Ophcrack. This is the lead program for password exploiting. We do not provide any kind of rainbow tables to Ophcrack, due to memory space problems for the live CD version, but we guarantee full compatibility between Ophcrack and the CAINE distribution. The program comes with a fully implemented GUI, that is fully integrated within CAINE.

The whole distribution (675 MB), in ISO format, can be downloaded from the servers of the University of Modena: