MIG is Mozilla’s platform for investigative surgery of remote endpoints.
It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
MIG is composed of agents installed on all systems of an infrastructure that are be queried in real-time to investigate the file-systems, network state, memory or configuration of endpoints. MIG agents are designed to be lightweight, secure, and easy to deploy
It’s an army of Sherlock Holmes, ready to interrogate your infrastructure within seconds.
MIG uses a REST API that receives signed JSON messages distributed to agents via RabbitMQ and stored in a Postgres database.
Key Features
- File inspection.
- Network inspection.
- Memory inspection
- Vuln management.
- System auditing.
- Designed to be fast, and asynchronous.
- It uses AMQP to distribute actions to endpoints, and relies on Go channels to prevent components from blocking.
- Running actions and commands are stored in a Postgresql database and on disk cache, such that the reliability of the platform doesn’t depend on long-running processes.
- Massively distributed means fast.
- Simple to deploy
- Secured using OpenPGP.
- Respectful of privacy by never retrieving raw data from endpoints.
- Cross-platform support.
Website: github.com/mozilla/mig
Support:
Developer: Mozilla Foundation
License: Mozilla Public License 2.0
MIG is written in Go. Learn Go with our recommended free books and free tutorials.
Related Software
| Digital Forensics Tools | |
|---|---|
| GRR Rapid Response | Remote live forensics for incident response |
| Radare2 | Portable reversing framework |
| The Sleuth Kit | Collection of tools for forensic analysis |
| Autopsy Forensic Browser | Graphical interface to SleuthKit |
| iaito | Official graphical interface for radare2 |
| Volatility | Advanced memory forensics framework |
| guymager | Forensic imaging tool based on Qt |
| dcfldd | Enhanced version of dd for forensics and security |
| rdd | Forensic copy program |
| Jomon | Network forensics and passive sniffer |
| Mozilla InvestiGator | Real-time digital forensics and investigation platform |
| Velociraptor | Endpoint visibility and collection tool |
| Timesketch | Collaborative forensic timeline analysis |
| Plaso | Python-based digital forensics framework |
| MemProcFS | View physical memory as files in a virtual file system |
| Chainsaw | Fast forensic triage and threat hunting tool for Windows artefacts |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |