Install Turbinia

Overview

Turbinia can be deployed on either Google Cloud Platform or local machines using two primary installation methods: Kubernetes or Docker, which will be covered in this guide.

Once Turbinia is up and running using either Kubernetes or Docker, install and configure the turbinia-client CLI using the provided documentation to kick off your first processing request.

K8s Installation

To get started quickly, ensure you have Helm and Kubectl installed and are authenticated to your Kubernetes cluster.

Note: To simplify the process of initializing a Google Kubernetes Engine Cluster (GKE), use the init-gke.sh script. Alternatively, for local installations, consider using KIND or Minikube.

Once complete, add the repo containing the Helm charts as follows:

helm repo add osdfir-charts https://google.github.io/osdfir-infrastructure

If you had already added this repo earlier, run helm repo update to retrieve the latest versions of the packages. You can then run helm search repo osdfir-charts to see the available charts.

To install the Turbinia chart using a release name of my-release:

helm install my-release osdfir-charts/turbinia

To uninstall the chart:

helm uninstall my-release

For instructions on installing Turbinia along with our other integrated DFIR tools, refer to the main OSDFIR Infrastructure repository. Additionally, refer to the Turbinia Helm chart README for a comprehensive list of configuration options.

Docker Installation

The second way to run Turbinia is through the provided Docker containers.

Caveats

rawdisk: As Turbinia uses the loop device to mount different types of evidence (eg raw disks) the host operating system should support the loop device. Linux is currently the only OS that supports the processing of raw disks.

googleclouddisk: Turbinia running in Docker cannot currently process Google Cloud disks.

DOCKER_ENABLED: If you plan to enable running dependencies in containers make sure you have Docker installed.

Steps

Step 1

Checkout the Turbinia source code. If you intend to start developing please fork the repository on github first and check out your own forked instance.

git clone https://github.com/google/turbinia.git
cd turbinia

Step 2

Generate configuration file using sed with default local stack values to the ./conf folder. This folder (and supporting folders) will be mapped by docker compose into the containers.

mkdir -p ./conf && mkdir -p ./tmp && mkdir -p ./evidence && mkdir -p ./certs && chmod 777 ./conf ./tmp ./evidence ./certs
sed -f docker/local/local-config.sed turbinia/config/turbinia_config_tmpl.py > conf/turbinia.conf

Step 3

Let’s bring up the local Turbinia stack

docker-compose -f ./docker/local/docker-compose.yml up

A Turbinia server, worker, api and Redis should now be running on your local system and a local persistent ‘evidence’ folder will have been created containing the Turbinia log file and processing output.

Note: Redis will store it’s data in a volume that is mapped to ./redis-data/. You can adjust this in the docker-compose.yml configuration.