turbinia
Turbinia
Summary
Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads. It automates common forensic processing tools (e.g., Plaso, TSK, strings) to process evidence in the Cloud, scale processing of large amounts of evidence, and decrease response time by parallelizing processing where possible.
How it works
Turbinia is composed of client, server, and worker components. These components can run in the Cloud, on local machines, or as a hybrid of both. The Turbinia client makes requests to process evidence to the Turbinia server. The server creates logical jobs from these incoming user requests, which schedules forensic processing tasks to be run by the workers. Evidence is split up and many tasks are created to process it in parallel.
Status
Turbinia is currently in Alpha release.
Installation
An installation guide can be found here.
Usage
To get started:
- Start Turbinia server component with
turbiniactl servercommand. - Start Turbinia API server component with
turbiniactl api_servercommand if using. - Submit new requests to the Turbinia API server.
Check out the turbinia-client documentation page for a detailed user guide.
Other documentation
- Main Documentation
- Installation
- How it works
- Operational Details
- Turbinia client CLI tool
- Turbinia API server
- Turbinia Python API library
- Contributing to Turbinia
- Developing new Tasks
- FAQ
- Debugging and Common Errors
- Using Docker to execute jobs
> Visit turbinia Website <