Playbook

The Ultimate Guide To Docker & Kubernetes Forensics & Incident Response

As organizations continue to migrate their computing resources to cloud and container environments, attackers are right behind them. Virtualization technology has come a long way and has been great for enterprises across the board. However, the dynamic and ephemeral nature of these resources means they grow, shrink and recycle data in a way that makes it almost impossible for security experts to investigate a breach and understand which assets and data have been compromised. Hackers are taking advantage of this.

This playbook explores how attackers are compromising containerized systems and best practices for conducting forensics and incident response on containerized applications, including how to:

  • Acquire Amazon EKS systems
  • Export disks from Kubernetes containers on Windows with Hyper-V
  • Conduct Kubernetes memory forensics
  • And more…