10.23721/100/17586
External Data Source
Turbinia
IMPACT
2018
en
turbinia, 1348, source, inferlink corporation, external, external data source, inferlink, corporation, forensic, running, workloads, managing, distributed, framework, deploying, evidence, processing, server, tasks, cloud, workers, process, client, jobs, requests, components, creates, task, pubsub, google, created, queue, plaso, implementation, scaling, schedules, decreasing, continuously, logical, processed, response, automate, time, machines, user, discovered, fed, kombu, split, amounts, scheduling, communication, worker, incoming, parallelizing, messaging, hybrid, intended, other, tools, tsk, local, psq, celery, common, strings, composed, parallel
17586
1348
Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads.
Turbinia is intended to automate the running of common forensic processing tools (e.g. Plaso, TSK, strings) to help with processing evidence in the Cloud, scaling the processing of large amounts of evidence, and decreasing response time by parallelizing processing where possible.
Turbinia is composed of different components for the client, server and the workers. These components can be run in the Cloud, on local machines, or as a hybrid of both. The Turbinia client makes requests to process evidence to the Turbinia server. The Turbinia server creates logical jobs from these incoming user requests, and the jobs create and schedule forensic processing tasks to be run by the workers. The evidence to be processed will be split up by the jobs when possible, and many tasks can be created in order to process the evidence in parallel. One or more workers run continuously to process tasks from the server. Any new evidence created or discovered by the tasks will be fed back into Turbinia for further processing.
Communication from the client to the server is currently done with either Google Cloud PubSub or Kombu messaging. The worker implementation can use either PSQ (a Google Cloud PubSub Task Queue) or Celery for task scheduling.