MIG: Mozilla InvestiGator – real-time digital forensics and investigation platform

MIG is Mozilla’s platform for investigative surgery of remote endpoints.

It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.

MIG is composed of agents installed on all systems of an infrastructure that are be queried in real-time to investigate the file-systems, network state, memory or configuration of endpoints. MIG agents are designed to be lightweight, secure, and easy to deploy

It’s an army of Sherlock Holmes, ready to interrogate your infrastructure within seconds.

MIG uses a REST API that receives signed JSON messages distributed to agents via RabbitMQ and stored in a Postgres database.

Features include:

  • File inspection.
  • Network inspection.
  • Memory inspection
  • Vuln management.
  • System auditing.
  • Designed to be fast, and asynchronous.
  • It uses AMQP to distribute actions to endpoints, and relies on Go channels to prevent components from blocking.
  • Running actions and commands are stored in a Postgresql database and on disk cache, such that the reliability of the platform doesn’t depend on long-running processes.
  • Massively distributed means fast.
  • Simple to deploy
  • Secured using OpenPGP.
  • Respectful of privacy by never retrieving raw data from endpoints.
  • Cross-platform support.

Website: github.com/mozilla/mig
Developer: Mozilla Foundation
License: Mozilla Public License 2.0


MIG is written in Go. Learn Go with our recommended free books and free tutorials.

Return to Digital Forensics Home Page

Read our complete collection of recommended free and open source software. The collection covers all categories of software.
Share this article