MIG (Mozilla InvestiGator)
Tool and Usage
Latest release: 20170308-0.4e9b29f.dev
Why this tool?
MIG provides a platform to perform investigative analysis on remote systems. By using the right queries, information can be obtained from these systems. This all happens in parallel, making intrusion detection, investigation, and follow-up easier.
How it works
MIG uses a client-server model and communicates via AMQP. By using custom queries or pre-defined JSON files (playbooks), all endpoints can be queried. All communications are encrypted or signed, to decrease the chance of a malicious actor abusing the platform.
Usage and audience
MIG is commonly used for digital forensics or intrusion detection. Target users for this tool are auditors, forensic specialists, security professionals, and system administrators.
- Command line interface
- Focus on high performance
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + More than 25 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
- + Supported by a large company
Supported operating systems
MIG is known to work on Linux, macOS, and Microsoft Windows.
Similar tools to MIG:
GRR is a security tool for live forensics on remote systems. It uses a client-server model to obtain information from the systems and store it centrally.
Volatile memory framework used for forensics and analysis purposes. The framework is written in Python and runs on almost all platforms.
The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.