Massively Parallel Forensics with Turbinia
Turbinia, an open source project to allow for massively parallel forensic artifact extraction, was demonstrated at OSDFCon 2015. Three years later, what was originally a limited (albeit functional) tech demo has evolved into a platform capable of automatically performing a litany of forensic extraction tasks, at scale, with minimal user interaction. If you’re using Google’s Cloud platform, Turbinia deployment is more-or-less turnkey. If you aren’t, it’s… a bit more work. In this workshop, we’ll show you how to turn a pile of machines (physical or virtual, on or off premises) into a savage, evidence slicing and dicing juggernaut.
- Laptop with approximately 20G of free space that is capable of running either VMware or VirtualBox.
Eric Zinnikas is a Security Engineer at Facebook. He currently focuses on threat detection and incident response, while recently having worked on projects focused around automation and sandboxing to understand attacker techniques. Eric holds a Bachelor of Science in Computer Science from the University of Maryland.
Cory Altheide has nearly two decades of information security, forensics & incident investigations experience. During this time he has performed numerous investigations in a variety of industries, ranging from financial crimes to state-sponsored espionage. Additionally, he is the primary author of “Digital Forensics with Open Source Tools.” Cory is currently a security engineer specializing in forensics and incident response at Facebook.