MIG – Real-time IR and Investigation Platform

Mozilla Investigator MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.


MIG is composed of agents installed on all systems of an infrastructure that can be queried in real time to investigate the file systems, network state, memory or configuration of endpoints.

All parameters are built into the agent at compile time, including the list and ACLs of authorized investigators. Security is enforced using PGP keys: even if MIG's servers are compromised, as long as the keys stay safe on the investigators' laptops, no one can push unauthorized actions to the agents.

Features and functionality included are as follows:

  • File inspection
  • Network inspection
  • Memory inspection
  • Vulnerability management
  • System auditing

Mozilla InvestiGator uses signed JSON actions that represent the investigation operation performed by a pool of agents. The JSON format is designed to be easy to read and easy to write without the help of a program. The long term goal is to allow investigators to share documents easily.
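The trust model described above (keys and ACLs compiled into the agent, actions signed by the investigator, servers treated as untrusted relays) is easy to see in code. The following Go program is an added illustration written for this page, not MIG's own code: the action structure is a simplified assumed shape rather than MIG's real schema, and Ed25519 from the standard library stands in for PGP so the example runs without external tools. It signs an action, then verifies it agent-side against compiled-in investigator keys, a per-module ACL, and a validity window, and shows that a tampered action or one outside the ACL is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Action is a simplified stand-in for a MIG-style JSON action (assumed shape,
// not MIG's real schema): who sent it, what module it runs, and when it is valid.
type Action struct {
	Name         string            `json:"name"`
	Target       string            `json:"target"`
	Module       string            `json:"module"`
	Parameters   map[string]string `json:"parameters"`
	ValidFrom    time.Time         `json:"validfrom"`
	ExpireAfter  time.Time         `json:"expireafter"`
	Investigator string            `json:"investigator"`
}

// SignedAction carries the action plus a signature over its canonical JSON.
type SignedAction struct {
	Action    Action `json:"action"`
	Signature []byte `json:"signature"`
}

// AgentConfig models what is baked into the agent at compile time:
// public keys of authorized investigators and a per-module ACL.
type AgentConfig struct {
	Keys map[string]ed25519.PublicKey // investigator name -> public key
	ACL  map[string][]string          // module -> investigators allowed to run it
}

// canonical serialises the action deterministically (struct field order, sorted map keys).
func canonical(a Action) ([]byte, error) { return json.Marshal(a) }

// Sign is what the investigator's client does. Ed25519 replaces PGP only so the
// example runs with the standard library; the property demonstrated is the same.
func Sign(a Action, priv ed25519.PrivateKey) (SignedAction, error) {
	msg, err := canonical(a)
	if err != nil {
		return SignedAction{}, err
	}
	return SignedAction{Action: a, Signature: ed25519.Sign(priv, msg)}, nil
}

// Verify is the agent-side check: known investigator, valid signature, ACL allows
// the module, and "now" falls inside the validity window. A relay between
// investigator and agent cannot satisfy this without an investigator's private key.
func Verify(cfg AgentConfig, sa SignedAction, now time.Time) error {
	pub, ok := cfg.Keys[sa.Action.Investigator]
	if !ok {
		return errors.New("unknown investigator")
	}
	msg, err := canonical(sa.Action)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sa.Signature) {
		return errors.New("bad signature: action was altered or not signed by " + sa.Action.Investigator)
	}
	if !contains(cfg.ACL[sa.Action.Module], sa.Action.Investigator) {
		return errors.New("ACL denies module " + sa.Action.Module + " to " + sa.Action.Investigator)
	}
	if now.Before(sa.Action.ValidFrom) || now.After(sa.Action.ExpireAfter) {
		return errors.New("action outside its validity window")
	}
	return nil
}

func contains(list []string, who string) bool {
	for _, n := range list {
		if n == who {
			return true
		}
	}
	return false
}

// Scenarios builds a constructed key pair and agent config, then exercises four cases:
// a legitimate action, the same action tampered in transit, an action on a module the
// investigator is not cleared for, and a replay after expiry. Results are keyed by case.
func Scenarios() (map[string]error, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed investigator key
	if err != nil {
		return nil, err
	}
	cfg := AgentConfig{
		Keys: map[string]ed25519.PublicKey{"alice": pub},
		ACL:  map[string][]string{"file": {"alice"}, "memory": {}},
	}
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	base := Action{Name: "check for ld.so.preload persistence", Target: "os='linux'", Module: "file",
		Parameters:  map[string]string{"path": "/etc", "name": "^ld.so.preload$"},
		ValidFrom:   now.Add(-time.Minute), ExpireAfter: now.Add(time.Hour), Investigator: "alice"}
	res := map[string]error{}

	legit, err := Sign(base, priv)
	if err != nil {
		return nil, err
	}
	res["legit"] = Verify(cfg, legit, now)

	tampered := legit // a compromised relay rewrites the parameters but cannot re-sign
	tampered.Action.Parameters = map[string]string{"path": "/", "name": ".*"}
	res["tampered"] = Verify(cfg, tampered, now)

	mem := base // properly signed, but the ACL does not grant alice the memory module
	mem.Module = "memory"
	signedMem, err := Sign(mem, priv)
	if err != nil {
		return nil, err
	}
	res["acl"] = Verify(cfg, signedMem, now)

	res["expired"] = Verify(cfg, legit, now.Add(2*time.Hour)) // replayed after expireafter
	return res, nil
}

func main() {
	res, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for _, k := range []string{"legit", "tampered", "acl", "expired"} {
		fmt.Printf("%-8s -> %v\n", k, res[k])
	}
}
```

Only the "legit" case verifies; the other three are rejected before any module runs, which is the point of keeping keys and ACLs out of the server's reach.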

MIG works with a large range of indicator-of-compromise formats, such as YARA and OpenIOC. Users may also create and update IOCs as required for new vulnerabilities or hashes.

You can read more and download it over here: https://github.com/mozilla/mig
