Workflows

Workflows orchestrate the execution of digital forensic tasks within a distributed, containerized environment. They provide a structured framework for designing and automating complex investigative processes.

Architecture and Execution

Each task within a workflow runs in an isolated Docker container to prevent process interference. Communication between containers and the core system is managed by a Celery task queue, ensuring robust coordination and data exchange.

Workflows support two primary execution models, which can be combined:

Pipelines: Tasks are executed sequentially, with the output of one task serving as the input for the next. This model is for processes with linear dependencies.
Parallel Groups: Tasks within a group are executed concurrently. This model is used to maximize resource utilization for independent tasks.

Pipelines and Parallel Groups can be nested to construct complex workflows with both sequential and concurrent stages.

Management and Collaboration

A user interface is provided for visual workflow creation. Workflows can be shared between users or copied and modified to support collaboration and experimentation. Frequently used workflows can be saved as templates to enable rapid and consistent deployment across different investigations.

Life of a workflow

Last updated on August 25, 2024

Key concepts API docs