Skip to content

Releases: google/turbinia

d648809
Compare
Choose a tag to compare

What's Changed Summary

  • Turbinia Web UI V1 and related containers and deployment scripts
  • Turbinia API Server and docker container
  • New Yara scanner with new rules/analysis and replacement of text matching analysis Tasks
  • Support for ExpertWitnessFormat disk images
  • Filter/Optimize Partitions Processed by default
  • Optimize PlasoJob by splitting into parallel subtasks and other optimizations
  • Extract domain controller creds and support for Yescrypt for password cracking
  • Loopback device race condition + device check fixes
  • Different extensions for psort output_formats
  • Standardizing stdout and sterr for docker and system executions
  • Several other bugfixes and clean-ups

New Contributors

Full Changelog: 2022070...2022091

e349064
Compare
Choose a tag to compare
  • Update task_manager to set psq only when server is running
  • Add scripts for deployment of dfDewey datastores
  • New PGSQL account analyser
  • Integration of custom Yara rules to be used by the Loki analyzer
  • Update triage recipes to match new artifact names
  • Change default logger to stdout from stderr
  • Yara rule to detect Redis exploitation and enables Kinsing detection rules by increasing max file size
  • Few fixes to k8s scripts around IAM permissions to cluster and enabling GCP resources
  • Adding descriptive Evidence names
  • Other minor bug fixes and enhancements
2e87a91
Compare
Choose a tag to compare
  • Generate timelines for each enumerated docker container individually
  • Tracking/storing bulk request group_name and reason (incident ID) for requests
  • Fix server-side task timeout issue causing server crash
  • Several changes to partition enumeration to make it more stable and transparent
  • Updated build uses new dfVFS version which fixes partition enumeration path_spec errors
  • Update FilesystemTimelineTask to use updated dfVFS interface
  • Updates to GKE management script to make running version explicit
  • Fixes for Job allow/deny lists and Yara rules to work with CLI flags
  • Refactoring PubSub client to use discover API client
  • Fixes so analysis Tasks can run inside enumerated containers
  • Fix Evidence auto-upload from turbiniactl
4fcab02
Compare
Choose a tag to compare

Several Turbinia server stability fixes.

414655d
Compare
Choose a tag to compare
  • CI tests now use GIFT PPA staging
  • Recipe tests and improvements
  • Github Analyser (thanks @Fryyyyy )
  • Several smaller bug fixes related to task failure handling
b71ef60
Compare
Choose a tag to compare
  • Management scripts and documentation for deploying Turbinia into GKE
  • Bulk request status for multiple Evidence processing can now be queried with turbiniactl status -g <group id>
  • Recipes now accessible within pypi package without setting explicit RECIPE_FILE_DIR config variable or providing full path
  • Recipe handling refactored into client module to simplify setup for alternate clients (e.g. dfTimewolf)
  • Server-side Task timeouts allows the client to recover/return from fatal Worker/Task errors
  • Several bug fixes and error handling improvements
dad6c3c
Compare
Choose a tag to compare
  • Support for making bulk requests (processing multiple Evidence objects of the same type with a single turbiniactl command)
  • New FileSystemTimelineJob for creating timelines using dfimagetools
  • New quick triage recipes for MacOS/Linux and updated Windows recipe
  • New script for managing GKE Turbinia infrastructure
  • GKE Monitoring setup
  • Logs stored centrally using Filestore
  • Hadoop analyzer processing new artifact type
  • Log_dir and logging refactoring to save output per-request
  • dfDewey configuration in main config pushed through environment
  • Internal refactoring for component dependency isolation
  • Critical fixes for hanging Tasks and disk resource leaks that caused Task crashes along with several other bug fixes
c400bef
Compare
Choose a tag to compare
  • New GKE deployment support
  • Several new Tasks: Crontab analyzer, Loki scanner, dfDewey, Windows/Linux/Wordpress password crackers
  • Support for encrypted disks for Analyzer Tasks using image_export
  • Better load-balancing in PSQ based worker
  • Documentation updates
538252d
Compare
Choose a tag to compare
Add sketch_id to globals (#898)
854a84e
Compare
Choose a tag to compare
Set debug logging in e2e tests (#897)

* Set debug logging in e2e tests

* Add env vars