
Pensieve - Finding Malicious Artifacts in Container Environments

Security BSides San Francisco via YouTube

Overview

Explore techniques for forensic investigation in container environments in this conference talk from BSidesSF 2018. Learn why traditional forensic tools fall short in ephemeral and immutable infrastructure, and how Checkpoint/Restore In Userspace (CRIU), Docker techniques, and other specialized tools can fill the gap. The talk covers evidence retention and artifact gathering from known malicious containers so that security operators can better understand adversarial activity. Topics include namespaces, cgroups, layered and overlay file systems, memory layout, disk forensics, live analysis, and container metadata. The session closes with a demonstration of the Cryo Image Tool and a discussion of how these methods can strengthen security investigations in containerized environments.

Syllabus

Introduction
Pensieve
What are containers
Namespaces
cgroups
Layered File System
Overlay File System
Memory Layout
Disk forensics
Live analysis
Container metadata
Traditional tools
Cryo Image Tool
Demo
Summary

Taught by

Security BSides San Francisco
