Friday, June 16 • 3:00pm - 3:35pm
Forensic Analysis of Container Checkpoints

Forensic container checkpointing was recently introduced as an alpha feature in Kubernetes. This feature makes it possible to transparently save the state of a running container to persistent storage as a collection of image files, which can be used to reconstruct the processes inside the container and the data they were using at the time the checkpoint was created.
In this talk we will focus on exploring a set of tools and methods that can be used to analyze container checkpoints and extract useful information, such as an application's memory, metadata, timestamps, open files, and network sockets, and to recover deleted (ghost) files. These tools can be used to examine the captured runtime state of all processes running in a container and to uncover evidence of malicious activity.

Radostin Stoyanov

Student, University of Oxford
Radostin Stoyanov is a PhD student at the University of Oxford and a Software Engineer in the Core Kernel Team at Red Hat.

Friday June 16, 2023 3:00pm - 3:35pm CEST
G202 | Talks