
Docker forensics: Investigation and data recovery on containers / Dockerforensik: Undersökning och datautvinning av containers

Container technology continuously grows in popularity, and the forensic area is less explored than other areas of research concerning containers. The aim of this thesis is, therefore, to explore Docker containers in a forensic investigation to test whether data can be recovered from deleted containers and how malicious processes can be detected in active containers. The results of the experiments show that, depending on which container is used, and how it is configured, data sometimes persists after the container is removed. Furthermore, file carving is tested and evaluated as a useful method of recovering lost files from deleted containers, should data not persist. Lastly, tests reveal that malicious processes running inside an active container can be detected by inspection from the host machine.

Identifier: oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:hh-42498
Date: January 2020
Creators: Davidsson, Pontus; Englund, Niklas
Publisher: Högskolan i Halmstad, Akademin för informationsteknologi
Source Sets: DiVA Archive at Upsalla University
Language: English
Detected Language: English
Type: Student thesis, info:eu-repo/semantics/bachelorThesis, text
Format: application/pdf
Rights: info:eu-repo/semantics/openAccess
