Container forensics analysis and postmortem

Nov 21, 2018

This is how we can perform forensics and postmortem analysis after someone hacks into one of our containers and downloads malware. In this case it was a WordPress instance running on Docker in Kubernetes.

Forensic analysis and postmortems are not easy on distributed, dynamic environments, especially with the ephemeral nature of containers.

So when a security incident occurs, we need to rely on software to answer questions like:

  • What happened?
  • What was the breach?
  • Was any data exfiltrated?
  • How did they break into my system?
  • Who did it?

Sysdig offers the first unified approach to container security, monitoring, and forensics. DevSecOps teams and security analysts can now run containers in production with Sysdig Secure, without worrying how they might perform forensic analysis and postmortems after a security incident.