PTS2025

OpenRelik: a containerized incident response processing pipeline
2025-07-01, 15:55–16:30 (Europe/Paris), Amphitheater 122

OpenRelik is a new decentralized, distributed, containerized incident response forensic artifact processing pipeline. We’ll talk about the main goal behind the project and its architecture, but also lessons we’ve learned from past attempts at building this, and how we’ve solved them this time around. Demos included!

This talk will cover:

  • OpenRelik: what is it, who is it for, how do we use it?

  • Lessons learned from the past: Turbinia, its architecture, and why that wasn’t cutting it anymore

  • Architecture: decentralized workers via containers, Redis pub/sub channel, shared file system, mediator server

  • Life of a workflow: how we go from uploading evidence to retrieving results

  • How OpenRelik integrates with other tools such as Timesketch and Yeti, and how to write a worker that integrates with your tools
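To make the architecture and the "life of a workflow" bullets concrete, here is an added sketch of the same pattern (decentralized workers listening on a pub/sub channel, evidence and results exchanged over a shared file system, a mediator tracking workflow state). It is illustration code written for this page, not OpenRelik's own code or API: the `Broker` class is an in-memory stand-in for the Redis channel, a temporary directory stands in for the shared file system, and the class and task names (`Worker`, `Mediator`, `sha256_task`, `strings_task`) are hypothetical. The evidence bytes are constructed for the demo.

```python
"""Hypothetical pub/sub driven artifact processing pipeline (not OpenRelik code).

A Broker stands in for the Redis pub/sub channel, a temp directory stands in
for the shared file system, and a Mediator tracks per-workflow state.
"""
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path


class Broker:
    """In-memory stand-in for Redis pub/sub (assumption: synchronous delivery)."""

    def __init__(self):
        self.subscribers = defaultdict(list)

    def subscribe(self, channel, callback):
        self.subscribers[channel].append(callback)

    def publish(self, channel, message):
        for callback in list(self.subscribers[channel]):
            callback(message)


class Worker:
    """A worker subscribes to its own task channel, reads the input artifact
    from the shared file system, writes its output next to it, and reports
    completion on the shared "results" channel."""

    def __init__(self, name, broker, shared_fs, process):
        self.name, self.broker, self.shared_fs, self.process = name, broker, shared_fs, process
        broker.subscribe(f"task:{name}", self.handle)

    def handle(self, task):
        src = self.shared_fs / task["input"]
        dst = self.shared_fs / f"{task['workflow']}_{self.name}.txt"
        dst.write_text(self.process(src.read_bytes()))
        self.broker.publish("results", {"workflow": task["workflow"],
                                        "task": self.name,
                                        "output": dst.name})


class Mediator:
    """Accepts uploaded evidence, fans tasks out to workers, collects results."""

    def __init__(self, broker, shared_fs):
        self.broker, self.shared_fs = broker, shared_fs
        self.workflows = {}
        broker.subscribe("results", self.on_result)

    def submit(self, workflow_id, evidence_bytes, tasks):
        # "Upload": the evidence lands on the shared file system once;
        # workers are told its name, not handed the bytes.
        evidence = self.shared_fs / f"{workflow_id}_evidence.bin"
        evidence.write_bytes(evidence_bytes)
        self.workflows[workflow_id] = {"pending": set(tasks), "outputs": {}}
        for task in tasks:
            self.broker.publish(f"task:{task}", {"workflow": workflow_id,
                                                 "input": evidence.name})
        return self.workflows[workflow_id]

    def on_result(self, result):
        wf = self.workflows[result["workflow"]]
        wf["pending"].discard(result["task"])
        wf["outputs"][result["task"]] = (self.shared_fs / result["output"]).read_text()


def sha256_task(data):
    """Example worker logic: hash the artifact."""
    return hashlib.sha256(data).hexdigest()


def strings_task(data, min_len=4):
    """Example worker logic: extract printable ASCII runs of at least min_len."""
    return "\n".join(m.decode() for m in re.findall(rb"[ -~]{%d,}" % min_len, data))


def run_demo():
    """Run one workflow end to end and return its final state."""
    shared_fs = Path(tempfile.mkdtemp(prefix="shared_fs_"))
    broker = Broker()
    Worker("sha256", broker, shared_fs, sha256_task)
    Worker("strings", broker, shared_fs, strings_task)
    mediator = Mediator(broker, shared_fs)
    evidence = b"\x00\x01MZ\x90hello world\x00\x00C:\\sample.txt\xff"  # constructed sample
    return mediator.submit("wf-1", evidence, ["sha256", "strings"])


if __name__ == "__main__":
    state = run_demo()
    print("pending:", state["pending"])
    for task, output in state["outputs"].items():
        print(f"[{task}]\n{output}")
```

The point of the shape is that adding a new processing capability means registering one more `Worker` on its own channel; nothing in the mediator changes, and workers only ever see file names on the shared file system, which is what makes running them as independent containers straightforward.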

Thomas Chopitea is a forensics investigator and engineer at Google (he used to do work in the CERT of a big financial institution, but he’s fine now). When he’s not writing code and hunting down bad guys, he enjoys poking malware with a long stick and reading up on threat intelligence processes. His long-term professional goal is to automate himself out of a job.