Visible to the public A Method of Docker Container Forensics Based on API

TitleA Method of Docker Container Forensics Based on API
Publication TypeConference Paper
Year of Publication2018
AuthorsXiang, Jie, Chen, Long
Conference NameProceedings of the 2Nd International Conference on Cryptography, Security and Privacy
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6361-7
Keywordscloud computing, Docker API, Docker Forensics, Human Behavior, information forensics, integrity, Metrics, pubcrawl, resilience, Scalability
AbstractAs one of the main technologies supporting cloud computing virtualization, Docker is featured in its fast and lightweight virtualization which has been adopted by numerous platform-as-a-service (PaaS) systems, but forensics research for Docker has not been paid the corresponding attention yet. Docker exists to store and distribute illegal information as a carrier for initiating attacks like traditional cloud services. The paper explains Docker service principles and structural features, and analyzing the model and method of forensics in related cloud environment, then proposes a Docker container forensics solution based on the Docker API. In this paper, Docker APIs realize the derivation of the Docker container instances, copying and back-up of the container data volume, extraction of the key evidence data, such as container log information, configuration information and image information, thus conducts localized fixed forensics to volatile evidence and data in the Docker service container. Combined with digital signatures and digital encryption technology to achieve the integrity of the original evidence data protection.
Citation Keyxiang_method_2018