Step by Step to Install Caine OS on VirtualBox [Complete Guide]

In this article, we will go through step by step guide to install Caine OS on VirtualBox. Caine OS(Computer Aided Investigative Environment) is Ubuntu based professional open source forensic platform with strong security and forensic investigation features built-in. A complete investigative environment is the foundation of CAINE, which is designed to combine existing software tools as software modules and to offer a user-friendly graphical user interface.


Step By Step to Install Caine OS on VirtualBox [Complete Guide]

Step by Step to Install Caine OS on VirtualBox [Complete Guide]

Also Read: GoPhish: Open Source Phishing Framework [Ethical Hacking]

Digital Forensics is a branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices. Originally used as a shorthand for computer forensics, the phrase "digital forensics" has come to refer to the analysis of all devices that may store digital data.



  • CAINE offers a complete interoperable forensic environment that is organized to integrate existing software tools as software modules.
  • CAINE can perform data analysis of data objects created on Microsoft Windows, Linux and some Unix systems.
  • CAINE can perform data analysis of data objects created on Microsoft Windows, Linux and some Unix systems.
  • Report Building : this is one of the main features of Caine OS. This features enable investigators to create a well structured and informed report to avoid any unnecessary technical details for the purpose of communication during the investigation or examination.
  • Write Blocker : One of the key forensic features since version 9.0 is that it sets all block devices by default to read-only mode. Write-blocking is a critical methodology to ensure that disks are not subject to writing operations.
  • When in live mode, Caine OS can access storage data objects to gather digital evidence without booting the operating system, preventing the evidence from being tampered with.
  • CAINE includes scripts activated within the Caja web browser designed to make examination of allocated files simple. Currently, the scripts can render many databases, internet histories, Windows registries, deleted files, and extract EXIF data to text files for easy examination


Main Components

a) The Sleuth Kit : It is a set of C library and command line utilities that enables you to examine disk images and recover files from them. It is utilized in Autopsy and several other free source and paid forensics programs in the background. It enables investigators to identify and recover evidence from images acquired during incident response or from live systems. Some of its applications are:-

  • For understanding what data is stored on a disk drive, even if the operating system has removed all metadata.
  • For recovering deleted image files
  • Summarizing all deleted files.

b) Autopsy : It is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Autopsy can also analyzes major file systems. It has different feature like Timeline Analysis, Web artifact, Multi-user Case, Registry Analysis, Email Analysis, Exif, File Type Detection, Robust File System Analysis

c) RegRipper : RegRipper is an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis.

d) Tinfoleak : This tool is known as the most complete open-source tool for Twitter intelligence analysis.

e) Wireshark : It is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises. Some features

  • Packet Capture: Wireshark listens to a network connection in real time and then grabs entire streams of traffic – quite possibly tens of thousands of packets at a time.
  • Filtering: Wireshark is capable of slicing and dicing all of this random live data using filters. By applying a filter, you can obtain just the information you need to see.
  • Visualization: Wireshark, like any good packet sniffer, allows you to dive right into the very middle of a network packet. It also allows you to visualize entire conversations and network streams.

f) PhotoRec : It is a file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory.

g) Btrfs: It is a modern copy-on write (CoW) filesystem for Linux aimed at implementing advanced features while also focusing on fault tolerance, repair, and easy administration.



Now let’s see how to download and install Caine OS on a virtual machine. For the virtual machine we have chosen VirtualBox. First you need to download the latest ISO image file from the official website.

After downloading the image in your local system, you need to open VirtualBox and click on Machine -> New as shown below.

Then you need to provide a meaningful name to the virtual machine. Select the folder location where you would like to save all the virtual machine files and then select the Type as Linux and Version as Ubuntu(64-bit) as shown below. Click on Next to continue.

In the next screen, you need to allocate a minimum of 1024 MB or 1GB memory size to the virtual machine as shown below. Click on Next to continue.

After entering the memory size, next you need to choose the hard disk file type. In our case, we are choosing the default VDI(VirtualBox Disk Image) but you can choose any file type depending on your requirement. Then click on Next.

Next you need to add a virtual hard disk to your virtual machine. You can select any of the below option depending on your requirement. For now, we are going to create a new virtual hard disk by selecting Create a virtual hard disk now option as shown below. Then click on Create.

After successfully creating a virtual project, now you just have to start the virtual machine and browse to  the ISO file location to start the installation process. You will see below screen appearing in your boot screen. Here you need to select Boot Live in RAM as shown below.

After booting successfully to the live OS, you should be able to see below Desktop screen.

It is important to note here that since the current Caine 12.4 sidereal version is currently not available to install so for now you just have to boot to the live OS.



Digital Forensics is a branch of forensic science that deals with digital evidence in solving a crime under the regulations of law. It is concerned with a broad range of data, allowing an expert to examine evidence for the unique circumstances surrounding an event. Caine is one of the OS that consists of numerous collections of Digital forensics investigative tools.

Numerous software tools are offered by CAINE Linux for forensic, network, database, and memory investigation. Many kinds of file formats like FAT/ExFAT, NTFS, Ext2, Ext3, HFS, and ISO 9660 File Image are possible to investigate in both command-line and graphical user interface modes.

Leave a Comment