Modular Inspection Network Xfer Agent (minx)

Introduction

minx is a command line tool that runs on an endpoint target machine, acting as an agent to collect data from the endpoint and send it a central forensics workstation running the nx tool. Therefore, to understand minx, one needs to understand nx.

As background, the nx tool can act as both a client and server for the purposes of transferring data from more than one computer (acting as clients) to a central computer (acting as the server). The central computer, in this case, would be the forensic workstation gathering information during an incident response collection. The clients would be those computers that are under investigation. minx and nx clients can co-exist and both work with an nx server as shown below

nx/minx architecture

Like many of the TZWorks tools, when nx runs, it needs a valid license file to be resident in the location where nx is run from. When operating in a client mode, the nx client capabilities are limited to just standard file copying and/or piping output from another tool. Any scripting of the nx client in performing multiple operations require one to use a batch file or shell script, where each command would invoke a separate instance of the nx client. In this scenario, multiple instances of nx would be running at the same time; one for the server, and a separate instance for each client.

Some agent enhancements minx incorporates over nx, includes:

The minx scripting capability allows any of functionality list above to be packaged into a script to be acted on in one session. These scripts can be run locally manually from the endpoint or automatically, via stored scripts on the nx server side. For the latter option, one can configure minx to query the nx server for any available script to be forwarded to it. Once minx receives a script from the nx server, it will immediately execute it. So if you wanted to pull the $MFT file, all the registry hives, event logs, or spawn your favorite tool resident on the endpoint computer, it can be easily scripted and given to minx to execute on a live endpoint. All data collected by minx, in this way, is encrypted and sent to the central forensics workstation running nx.


For more information

For details on its capabilities and how to use them, the user's guide can be viewed here: here

If you would like more information about minx, contact us via email.

Downloads

32-bit Version64-bit Version
Windows:minx32.v.0.13.win.zipminx64.v.0.13.win.zipmd5/sha1
Linux:minx32.v.0.13.lin.tar.gzminx64.v.0.13.lin.tar.gzmd5/sha1
Mac OS X:minx.v.0.13.osx.tar.gzminx.v.0.13.osx.tar.gzmd5/sha1
*32bit apps can run in a 64bit linux distribution if "ia32-libs" (and dependencies) are present.