turbinia
Automation and Scaling of Digital Forensics Tools
Currently Turbinia assumes that it runs as a user with sudo privileges. We should add methods to the TurbiniaTask object to handle executing privileged commands rather than hard-coding sudo into...
(There is another open-ended issue to track adding multiple job types, but I'm going to start breaking them out into their own issues).
Right now we will process the symlink as a file, but we should follow the symlink before adding the file to be processed.
Once we have a generic task, we can use a recipe to specify the command and parameters.
... Also set a TTL to the task.
We can add different worker pools that are created to match individual job types (e.g. so Plaso can have worker nodes that have more CPU than workers for other job...
This is so that multiple Turbinia Servers don't stomp on each other when using the same PubSub queue for scheduling tasks, etc.
The Turbinia Task templates in https://github.com/log2timeline/l2tscaffolder need to be updated to use the new Task report templating.
https://github.com/apache/tika "Apache Tika(TM) is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries."
A Job based on https://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsifter.html would be nice (and easy).