Pensieve - Finding Malicious Artifacts in Container Environments
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore techniques for forensic investigation in container environments through this conference talk from BSidesSF 2018. Discover how traditional forensic tools fall short in ephemeral and immutable infrastructure, and learn about approaches using Checkpoint/Restore In Userspace (CRIU), Docker techniques, and other specialized tools. Gain insights into evidence retention and artifact gathering from known malicious containers, enabling security operators to better understand adversarial activity. Delve into topics such as namespaces, cgroups, layered and overlay file systems, memory layout, disk forensics, live analysis, and container metadata. Watch a demonstration of the Cryo Image Tool and understand how these methods can enhance security investigations in containerized environments.
Syllabus
Introduction
Pensieve
What are containers
Namespaces
cgroups
Layered File System
Overlay File System
Memory Layout
Disk forensics
Live analysis
Container metadata
Traditional tools
Cryo Image Tool
Demo
Summary
Taught by
Security BSides San Francisco
Related Courses
Cloud Computing Applications, Part 1: Cloud Systems and Infrastructure (University of Illinois at Urbana-Champaign via Coursera)
Introduction to Cloud Infrastructure Technologies (Linux Foundation via edX)
Introduction aux conteneurs (Introduction to Containers) (Microsoft Virtual Academy via OpenClassrooms)
The Docker for DevOps course: From development to production (Udemy)
Windows Server 2016: Virtualization (Microsoft via edX)