Manual Caine Live Cd

  1. Manual Caine Live Cd Stereo System
  2. Manual Caine Live Cd Juarez
  3. Manual Caine Live Cd Player
  • Tools and packages included in CAINE Live DVD CAINE 11.0 'Wormhole' 64bit - Official CAINE GNU/Linux distro latest release. IMPORTANT CHANGES: All devices are blocked in Read-Only mode, by default. New tools, new OSINT, Autopsy 4.13 onboard, APFS ready,BTRFS forensic tool, NVME SSD drivers ready! SSH server disabled by default (see Manual page.
  • Download a Live Linux ISO and Burn it; Boot into the RAM disk based Live Linux CD environment; Mount the hard drive that contains the backup; Copy the backup off of the server; Note: A manual backup is required for this process to be effective. If you have never ran a manual backup on your Evolution server there will be no backups to retrieve.

How to Mount Linux Filesystem from a Live CD and Copy a backup

This article explains how to boot into a Live Linux environment to recover a backup from an Evolution system that is not booting properly.

Name Min Size Max Size Purpose Last Release; Forensic Hard Copy: 65: 65: 2012-11: PLAC: 48: 48: 2001-10. CAINE 3.0 – QUASAR Computer forensics Live CD Released CAINE ( C omputer A ided IN vestigative E nvironment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics.

If your Evolution server has stopped booting properly and has been determined to not be repairable, you may be able to retrieve a backup from the system to aid in recovery.

To accomplish that you will need to:

Note: A manual backup is required for this process to be effective. If you have never ran a manual backup on your Evolution server there will be no backups to retrieve.

Creating the Live Linux CD

In order to access the file system of an Evolution server that is not booting up properly you will need to download and burn a Live CD.

The recommended ISO to use can be found here:
http://archive.kernel.org/centos-vault/6.7/isos/i386/CentOS-6.7-i386-LiveCD.iso

After you have downloaded the ISO image, you will need to burn it. A good free tool to do that is CDBurner XP.

CDBurner XP can be found here: https://cdburnerxp.se/en/home

Booting into the Live CD Environment

Once you have burned the image, you will need to boot your Evolution server from the DVD. You may need to adjust the server's boot order to do this.

When booting from the Live CD you will see a screen identical to this:

Once the system boots the LiveCD you should presented with a login screen:

If you are not automatically logged into the LiveCD Environment, click on 'Log In'.

After logging in you should see a desktop that looks like this:

At this point the server is running the LiveCD Environment, and you have logged into the RAMdisk based OS. We now need to mount the hard drive so we can access its contents.

Mounting and Accessing the Hard Drive

First you will need to Browse to 'Applications' → 'System Tools' → 'Terminal':

When the terminal opens up, type ' su' to elevate yourself to root level, followed by a 'mkdir /mnt/recover':

Now Issue an fdisk -l to verify the Live CD environment is able to locate the hard drive we are trying to access (/dev/sda in this case):

Example of info for a /dev/sda partition:

Your hard drive may not be labeled SDA, it may be labeled as SDB, SDC or even HDA.

Once you have confirm the LiveCD Environment is able to access the production hard drive the next step is to mount the drive and try to extract the backup.

To mount the hard drive, you will need to issue this command:

mount /dev/sda2 /mnt/recover

Manual caine live cd player

Note: SDA2 is the second partition on the SDA device. In this example, the production hard drive partition is SDA2, as device SDA was utilized for the installation of Evolution

After mounting the appropriate partition, you should be able to issue a ls /mnt/recover to verify there are files present in the directory as seen above. If there are, then the drive has been successfully mounted and the file system on the drive should be accessible.

The next step is to verify a backup is present.

You can do a cd /mnt/recover/evo/backups/manual to change directory to the folder where Evolution stores manual backups. Issuing a ls here will confirm there are backups present:

In this case, we have a single backup named 2016-05-05_052935asteriskfullbackup.tgz available to recover our Evolution system with.

The next step is to retrieve the backup off of the hard drive so it can be used for recovery.

Extracting the Backup

The quickest and most effective way to do this is with a thumb drive.

Plug your thumb drive into the Evolution server, then browse to 'Applications' → 'Systems Tools' → 'File Browser' as seen here:

Once the file browser opens, click on 'File System' on the left hand side:

From here you will need to browse to the mnt→ recover → evo → backups → manual directory, where you should see the manual backups (in this case the single file mentioned above):

Once you have located the backup file, right click and select 'copy' to copy the file similar to most other modern operating systems.

After you have copied the backup, browse to the thumb drive and past it. In this case, our thumb drive is named 'UUI':

After pasting the copied backup file, it shows on the thumb drive accordingly:

You should now eject the thumb-drive to ensure the integrity of the data written to it.

You can click on the Eject button in the File Browser to the right of the thumb-drive's name or browse back to the desktop and right click on the Thumb Dive, selecting 'eject' to safely remove it from the Live CD Environment:

After ejecting the thumb drive, you can safely power off the Live CD based system.

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

Manual Caine Live Cd Stereo System

The main design objectives that CAINE aims to guarantee are the following:

  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user-friendly graphical interface
  • user-friendly tools

The important news is CAINE 9.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on CAINE’s Desktop.

Manual Caine Live Cd Juarez

This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.

If you need to write a disk, you can unlock it with BlockOn/Off or using “Mounter” changing the policy in writable mode.

Another important news is the VNC server and client, for controlling CAINE from remote and finally CAINE is always more fast during the boot.

ADDED/CHANGED:

  • Autopsy 4.9.1 updated
  • Kernel 4.15.0-39
  • Based on Ubuntu 18.04 64BIT – UEFI/SECURE BOOT Ready.
  • CAINE 10.0 can boot on Uefi/Uefi+secure boot/Legacy Bios/Bios.
  • many others fixing and software updating.
  • many and many scripts and programs….

The important news is CAINE 10.0 blocks all the block devices (e.g. /dev/sda), in Read-Only mode. You can use a tool with a GUI named BlockON/OFF present on CAINE’s Desktop.This new write-blocking method assures all disks are really preserved from accidentally writing operations, because they are locked in Read-Only mode.If you need to write a disk, you can unlock it with BlockOn/Off or using “Mounter” changing the policy in writable mode.

Manual Caine Live Cd Player

CAINE has got a Windows IR/Live forensics tools.
If you need it you can use the IR/Live forensics framework you prefer, changing the tools in your pendrive.