Massively Parallel Forensics with Turbinia

Eric Zinnikas
Facebook

Cory Altheide
Facebook

Workshops

Turbinia, an open source project to allow for massively parallel forensic artifact extraction, was demonstrated at OSDFCon 2015. Three years later, what was originally a limited (albeit functional) tech demo has evolved into a platform capable of automatically performing a litany of forensic extraction tasks, at scale, with minimal user interaction. If you’re using Google’s Cloud platform, Turbinia deployment is more-or-less turnkey. If you aren’t, it’s… a bit more work. In this workshop, we’ll show you how to turn a pile of machines (physical or virtual, on or off premises) into a savage, evidence slicing and dicing juggernaut.

Requirements:

  • Laptop with approximately 20G of free space that is capable of running either VMWare or VirtualBox.

Eric Zinnikas

Eric Zinnikas is a Security Engineer at Facebook. He currently focuses on threat detection and incident response, while recently having worked on projects focused around automation and sandboxing to understand attacker techniques. Eric holds a Bachelor of Science in Computer Science from the University of Maryland.

Cory Altheide

Cory Altheide has nearly two decades of information security, forensics & incident investigations experience. During this time he has performed numerous investigations in a variety of industries, ranging from financial crimes to state-sponsored espionage. Additionally, he is the primary author of “Digital Forensics with Open Source Tools." Cory is currently a security engineer specializing in forensics and incident response at Facebook.