Linux Containers Forensics

Digital Forensics

LCF

Scheduled

Cyber Funded Research (CFR)

January 2026 to December 2029

49 months

Thibault Debatty

Docker, Linux

Container-based applications, powered by technologies such as Docker and orchestrated by platforms like Kubernetes, have become foundational to modern software deployment due to their efficiency, scalability, and portability.

However, these advantages come with new security challenges. Containers are not immune to security breaches: threats such as container escapes, image tampering, and misconfigured orchestration layers can compromise entire environments. Investigating such incidents is particularly complex because containers are dynamic and ephemeral, orchestrated deployments are distributed across many nodes, and the volume of logs and artifacts generated across nodes and layers is enormous.

While several studies have explored the domain of container forensics (e.g., Alqahtany et al., 2020; Martins et al., 2021; Alharbi et al., 2022), current solutions often struggle with performance, completeness, and automation in real-world environments.

This research project aims to advance the state of container forensics by developing more efficient evidence collection and analysis techniques that are orchestration-aware, scalable, and suitable for real-time or near-real-time investigations.

  • Alqahtany, S., et al. (2020). Docker Forensics: An Analysis of Container Persistence and Data Recovery.
  • Martins, R., et al. (2021). Forensics in Container-Based Environments: Docker and Kubernetes Case Studies.
  • Alharbi, S., et al. (2022). Challenges in Kubernetes Forensics: A Survey and Future Directions.

Continuous Deploy with GitLab, Docker and Portainer

DevOps, Docker, GitLab

In a previous blog post I presented Portainer, a simple Docker stacks management interface. One of the nice features of Portainer is the ability to create webhooks that automatically update existing stacks. In this post I’ll show how to combine this feature with GitLab pipelines to implement continuous deployment of Docker stacks.

Simplify Your Docker Management with Portainer

Docker, Sysadmin

Docker and containers have revolutionized the way we build, ship, and run applications! However, managing multiple containers and services can become increasingly complex. That’s where Portainer comes in! This powerful and intuitive container management web application makes it easy to deploy, manage, and monitor your Docker environments.

GHOSTS v8.0 Implementation: Orchestrating Realistic Traffic for PoC Attack Simulation and Log Monitoring

Python, Windows, Docker, Network analysis and visualization, Virtualization, Offensive Security

In red-blue team attack scenarios, testing threats and attacks on isolated machines can make detection overly simplistic. This is because the attacks are the only activity on the network, which does not accurately reflect real-world conditions. In reality, cyberattacks often occur during working hours and blend seamlessly with normal user activities. The larger the organization, the more extensive the network, making it increasingly challenging t...

Introducing Dogrant: A Streamlined Vagrant Configuration CLI

Virtualization, Docker, Python

Dogrant is a Python-powered command-line interface (CLI) designed to streamline the management of Vagrant environments and configurations, with seamless integration for Docker Compose. Packed with features for managing memory allocation, CPU usage, synced folders, forwarded ports, and more, Dogrant offers developers an efficient solution for creating and managing VMs tailored to run Docker projects.
