Turbinia: Automation of Forensic Processing in the Cloud

Aaron Peterson
Google

Thomas Chopitea
Google

Track 1

Ever wanted to do forensics and feel good about it? This talk will introduce you to Turbinia: A forensic tools automation framework for the cloud. Throughout this talk, we’ll reveal the details of how Turbinia operates, showing how tools like dftimewolf can integrate it with GRR and Timesketch as part of an efficient forensics workflow. We’ll showcase Turbinia’s capabilities by seeing how Greendale (a fictitious but very famous university) used it to articulate an effective response to a pretty severe incident last summer—all on a state-financed university budget!

Aaron Peterson
Aaron Peterson is a Security Engineer and Forensics Investigator at Google, and previously he worked at Harvard University on the Network Security Incident Response team. He enjoys the intersection of computer security and automation, and is currently focused on Cloud forensics at scale.

Thomas Chopitea
Thomas Chopitea is a forensics investigator and engineer at Google (he used to do work at the CERT of a big financial institution, but he’s fine now). When he’s not writing code and hunting down bad guys, he enjoys poking malware with a long stick and reading up on threat intelligence processes. His long-term professional goal is to automate himself out of a job.