CAINE 9.0 “Quantum” Live USB/DVD (x64)




CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.


The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user-friendly graphical interface
  • user-friendly tools

The important news is CAINE 9.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on CAINE’s Desktop.

This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.

If you need to write a disk, you can unlock it with BlockOn/Off or using “Mounter” changing the policy in writable mode.

Another important news is the VNC server and client, for controlling CAINE from remote and finally CAINE is always more fast during the boot.



  • RegRipper, VolDiff, SafeCopy, PFF tools, pslistutil, mouseemu, NBTempoX,Osint: Infoga, The Harvester, Tinfoleak regfmount and libregf-utils installed.
  • Mounter fixed.
  • SSH server disabled by default (see Manual page for enabling it).
  • Autopsy 2.24 fixed – srch_strings changed with “GNU strings” renamed in srch_strings.
  • many others fixing and software updating.
  • many and many scripts and programs….


CAINE has got a Windows IR/Live forensics tools.
If you need it you can use the IR/Live forensics framework you prefer, changing the tools in your pendrive.