Method of Digital Forensic Investigation of Docker-Based Host

Kim Hyeon Seung; Sang Jin Lee

Method of Digital Forensic Investigation of Docker-Based Host

Kim Hyeon Seung

Sang Jin Lee

KIPS Transactions on Computer and Communication Systems, Vol. 6, No. 2, pp. 75-86, Feb. 2017

10.3745/KTCCS.2017.6.2.75, PDF Download:

Keywords: Docker, image, Container, Inactive State
Abstract

Docker, which is one of the various virtualization technology in server systems, is getting popular as it provides more lightweight environment for service operation than existing virtualization technology. It supports easy way of establishment, update, and migration of server environment with the help of image and container concept. As the adoption of docker technology increases, the attack motive for the server for the distribution of docker images and the incident case of attacking docker-based hosts would also increase. Therefore, the method and procedure of digital forensic investigation of docker-based host including the way to extract the filesystem of containers when docker daemon is inactive are presented in this paper.

Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]

K. H. Seung and S. J. Lee, "Method of Digital Forensic Investigation of Docker-Based Host," KIPS Transactions on Computer and Communication Systems, vol. 6, no. 2, pp. 75-86, 2017. DOI: 10.3745/KTCCS.2017.6.2.75.

[ACM Style]

Kim Hyeon Seung and Sang Jin Lee. 2017. Method of Digital Forensic Investigation of Docker-Based Host. KIPS Transactions on Computer and Communication Systems, 6, 2, (2017), 75-86. DOI: 10.3745/KTCCS.2017.6.2.75.