Overview
Explore forensic container checkpointing, an alpha feature in Kubernetes, in this DevConf.CZ 2023 conference talk. Delve into the process of saving running container states as image files for persistent storage, enabling reconstruction of container processes and data. Discover a range of tools and methods for analyzing container checkpoints, extracting valuable information such as application memory, metadata, timestamps, open files, and network sockets. Learn techniques to recover deleted (ghost) files and examine the captured runtime state of all processes within a container. Gain insights into uncovering evidence of malicious activity through forensic analysis of container checkpoints. Presented by Radostin Stoyanov, this 26-minute talk provides a comprehensive overview of forensic analysis techniques for container checkpoints and their applications in cybersecurity.
Syllabus
Forensic Analysis of Container Checkpoints - DevConf.CZ 2023
Taught by
DevConf