http://dx.doi.org/10.3745/KTCCS.2017.6.2.75

Method of Digital Forensic Investigation of Docker-Based Host  

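Kim, Hyeon Seung (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, Sang Jin (Graduate School of Information Security, Korea University)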
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.2, 2017, pp. 75-86
Abstract
Docker, one of several virtualization technologies used in server systems, is growing in popularity because it provides a more lightweight environment for service operation than existing virtualization technologies. Its image and container concepts make it easy to establish, update, and migrate server environments. As adoption of Docker increases, the motive to attack servers that distribute Docker images, and the number of incidents involving attacks on Docker-based hosts, would also increase. This paper therefore presents a method and procedure for digital forensic investigation of a Docker-based host, including a way to extract the filesystem of containers when the Docker daemon is inactive.
Keywords
Docker; Image; Container; Inactive State;
Citations & Related Records
Times Cited By KSCI: 6