Features and requirements
Feature summary
Easy-to-use interface — lets you navigate collection sources quickly and intuitively.
Collect only the files that count — Nuix Collector Suite can minimize the number of irrelevant files collected, using several configurable features:
Automatic file selection — Search (or “crawl”) folders or evidence files based on configurable criteria, including filename extension, Creation Date, Modification Date, Access Date, MD5 Hash Value, NTFS owner ID or SID. Full-text search is also available, supporting dozens of common file formats.
File signature analysis – Inspect and select files based on their binary signature (file type) – regardless of their filename extension.
Duplicate filtering — Collect only one copy of each unique file.
NIST filtering — Leverage the U.S. National Institute of Standards and Technology's database of known OS files, executables and other irrelevant files, to filter these files from your collections.
Custom filtering — Generate a custom file database for any set of files known to your organization, e.g. the files that make up a clean desktop hard disk image. Collections can automatically exclude all files found in your custom database.
By eliminating irrelevant files from your collections, Nuix Collector Suite speeds collection time, while minimizing network traffic and the size of the collected file set. This also ensures subsequent searching and analysis of the collected data is as rapid and responsive as possible.
Manual file selection — Add specific files to a collection from various sources.
Multiple sourcing — Aggregate files from various sources, including file shares, desktops, laptops, as well as standard forensic repositories including EnCase Logical Evidence Files (LEF) — at a fraction of the cost of hiring outside experts or using other, more costly tools.
Multiple outputs — Collect and preserve the contents of an evidence collection as a FileSafe container or as exact native copies.
End-to-end validation — Ensure that collected evidence is forensically-defensible via chain-of-custody logging. Data integrity is ensured by hashing collected files during collection and processing. Directory-level metadata (including Date Created, Accessed and Modified timestamps) is preserved throughout processing.
Collect Open Files — Leverage Microsoft's Volume Shadow Copy Service to collect open files on local volumes, including Exchange Server databases, Outlook PST/OST files, and other files that are often open.
Collect files lacking access permissions — Files migrated to or from an Active Directory domain may lack proper ACL information, rendering the file inaccessible even to a local administrator. Nuix Collector Suite can usually collect these files.
Scripting — Run Nuix Collector Suite using your own batch files, scripts or custom programs.
Flexible Logging and Reporting — Review and process collection results, by importing CSV log files into spreadsheets, databases and other applications. Optional XML logging allows collection results to be readily integrated with many other applications. Standard HTML reports are included, along with XSL templates and CSS style sheets to generate custom HTML reports.
Flexible Storage — Save collections and logs to local folders, network shares, Amazon S3 buckets or Azure Blob Storage containers.
What's new in Version 100.8.0
Nuix Collector Suite v100.8.0 includes the following changes:
Security improvements
Java 11 was updated to a build based on OpenJDK 11.0.22, which patches several security vulnerabilities.
OpenSSL was upgraded to version 3.2.0. Several other third-party libraries were updated to patch various security vulnerabilities.
Collection improvements
Collections which save to Azure Blob Storage now use the latest Azure SDK.
Fixed issues
See the Nuix Collector Suite Release Notes v100.8.0 for a list of fixes made since version 100.6.0.
System requirements
The following operating systems are supported for the full installation of Nuix Collector Suite:
Desktop Operating Systems, 32-bit and 64-bit editions
Windows 7
Windows 8.0 / 8.1
Windows 10 / 11
Server Operating Systems
Windows Server 2008 R2, 64-bit editions
Windows Server 2012 and 2012 R2, 64-bit editions
Windows Server 2016, 2019 and 2022, 64-bit editions
Processor
Minimum speed — 1.0 GHz
Intel Pentium/Celeron family, or newer
AMD K6/Athlon/Duron family, or newer
Memory
Minimum required — 512 MB of RAM. 4 GB RAM or more recommended for full-text search.
User Rights
Nuix Collector Suite programs must be installed and run by a user with local administrator rights. On Windows 7 and newer, the User Account Control feature will require elevated privileges.
Portable Collector can execute file collections, volatile information collections, disk image collections, and RAM image collections on the following operating systems:
Windows 7 or newer, and Windows Server 2008 or newer (32-bit and 64-bit editions)
Linux (32-bit and 64-bit editions)
Debian, Ubuntu and certain other Debian-based distributions
Fedora, Red Hat Enterprise Linux and certain other Red Hat-based distributions
Note: Advanced searches require a 64-bit operating system.
Note: Nuix Portable Collector for Linux is built on Ubuntu 18.04.5 LTS with Linux kernel 4.15 and glibc version 2.27. Linux distributions with older kernels or glibc libraries are not supported.
macOS and OSX (64-bit editions)
macOS 10.13 "High Sierra"
macOS 10.14 "Mojave"
macOS 10.15 "Catalina"
macOS 11 "Big Sur"
macOS 12 "Monterey"
macOS 13 "Ventura"
Note: Disk Image collections and RAM image collections on macOS are no longer supported.
Note: Before Portable Collector can execute on a Linux or macOS computer, a Portable Collection Device must be created on a Windows computer where Nuix Collector Suite is installed. The Portable Collection Device is created with the aid of the Nuix Collector Wizard and manual preparation steps. For details see topic Preparing a Portable Collection Device for Linux or Mac.
Licensing requirements
The following Nuix Collector Suite licenses are available:
| License |
Permits |
| Nuix Network Collector |
Survey, collect or delete files from local volumes and from network shares. Collect RAM images and volatile information. Must be prepared and executed from a Windows computer where Nuix Collector Suite is installed with a Nuix Network Collector license. |
| Nuix Portable Collector |
Survey, collect or delete files from local volumes and from network shares. Collect RAM images and volatile information. Collect disk images from local drives (physical volumes or logical disk partitions). Portable collections must be prepared on a Windows computer where Nuix Collector Suite is installed with a Nuix Portable Collector license. Portable collections may be executed by any supported Windows, Linux or macOS computer, from any external media or network share folder; however, any resulting file collections are stored as FileSafe files, which can only be processed on a computer licensed to run Nuix Collector Suite, Nuix Workstation or another Nuix product (licensed separately). |
| Nuix SharePoint Collector |
Preparation and execution of collections from SharePoint sites and search scopes. Requires a Network Collector license. Must be prepared and executed from a computer where Nuix Collector Suite is installed with a Nuix SharePoint Collector license. |
The Nuix Collector Wizard will disable (gray out) any features that are not licensed.
The Nuix Collector Evidence Browser must be run from a computer where Nuix Collector Suite is installed with one or more of the above licenses.
Collecting open files using ForensicSnapshot technology requires the following:
Running a Nuix Collector Wizard, Nuix Collector or Nuix Portable Collector – as a user with Local Administrator rights
Collecting from a local NTFS volume
Running on a Windows computer where the Volume Shadow Copy Service is installed and enabled
Note: Open files cannot always be successfully collected, particularly from FAT32 volumes, network shares or mapped network drives.