turbinia
Automation and Scaling of Digital Forensics Tools
When downloading a Request output, which typically is large in size and can take a few minutes, it's difficult to know that the first click to download worked since you...
The turbinia client library currently sends all errors to the logger. If a client application using the library only sends the logger to a file, no errors will be displayed...
It would be a good idea to update our Task writing documentation (https://turbinia.readthedocs.io/en/latest/developer/developing-new-tasks.html) and add some more details that are specific to analysis Tasks. Here are some other things that...
We had a few tests that were calling out to third-party binaries and were also taking a long time to run. These were commented out in https://github.com/google/turbinia/pull/1133/files. We should find...
We've been accumulating more dependencies within Turbinia, and it would be good to document a policy or requirements around this to keep things maintainable. As a reference, here is what...
[Syft](https://github.com/anchore/syft) is a CLI that collects Software Bill of Materials (SBOM) aka software versioning from container images and filesystems. Could be useful for tracking software versions from evidence and can...
This might make a good vuln scanner for Turbinia since it can take a filesystem or container image (and is also Apache 2 licensed): https://github.com/aquasecurity/trivy
Given that Plaso does not parse RecentFileCache [ref](https://github.com/log2timeline/plaso/issues/741), create a job to parse RecentFileCache on Windows machines. https://github.com/EricZimmerman/RecentFileCacheParser Also need to find a Linux compatible version since link shows it...
Implement a job that utilizes RegRipper to pull contextual summary information from Windows Registry Hives, useful for many types of investigations. Please see reference tools below.
WIP ### Description of the change Adds a new `AwsEbsVolume` evidence type for AWS EBS disks and the related pre/post-processors so we can attach and mount these disks. Other notes:...