DFIR using Docker Containers
Incident Management on the go - Deep Shankar Yadav
#root@charlie~:whoami
• DFIR Practitioner
• Red Team Penetration Tester
• Security Analyst by Day; Ninja by Night
• Disaster Recovery Manager at n|u OWASP Delhi
DISCLAIMERS
• Registered brands belong to their respective owners.
• The information provided in this presentation is the result of a proper internet search.
• No content in this presentation violates any copyright or intellectual property.
• What am I gonna do?
Agenda
• What is DFIR?
• What is Docker?
• Why use Docker?
• What can be used?
• How to use
What is DFIR?
Yes Sweety, it’s all about it
Recipe for Successful DFIR Practices
What is Docker?
VM vs Docker
Why Docker?
• Isolation
• Lightweight
• Simplicity
• Workflow
• Community Support
Docker Community
• 1500+ Contributors
• 100,000+ Dockerized Applications
• 3 to 4 Million Developers using Docker
• 300+ Million Downloads
• 35,000 Docker related projects
• 70% of enterprises are using Docker
DOCKER ENGINE
• DOCKER DAEMON
• DOCKER CLI
DOCKER DAEMON
• Builds Images
• Runs and Manages Containers
• RESTful API
Docker CLI
Docker Hub
What Applications can be used?
All of them (CLI and Web Interfaces)
What are we going to see today
How to run images?
1. FIR: docker run -it -p 8000:8000 fir
2. CyberChef: docker run -d -p 2142:80 remnux/cyberchef
3. COMODO: docker run --rm -v ~/null:/malware:ro malice/comodo <filename>
4. Malcom: docker run -p 2215:8080 -d --name malcom tomchop/malcom-automatic
5. Evolve: docker run --rm -it -v ~/null:/home/nonroot/memdumps -p 1337:8080 wzod/evolve bash
6. Volatility: docker run --rm -it -v ~/null:/home/nonroot/memdumps remnux/volatility bash
7. Mastiff: docker run --rm -it -v ~/null:/home/nonroot/workdir remnux/mastiff
8. Maltrieve: docker run --rm -it -v ~/null:/archive remnux/maltrieve
9. Jsdetox: docker run --rm -p 3000:3000 remnux/jsdetox
10. PEScanner: docker run --rm -it -v ~/null:/home/nonroot/workdir remnux/pescanner bash
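Every line above hands the analyst's evidence directory (~/null) to the container with -v, but only the COMODO line marks the mount read-only with :ro; the Volatility, Evolve, MASTIFF and PEScanner lines mount it writable, so a bug or a mistyped command inside the container can alter the evidence. The POSIX sh wrapper below is an added example, not part of the slides or of the REMnux/malice projects: it refuses to start a container whose -v mount is writable and hashes the evidence directory before and after the run so that any change is detected rather than assumed away. The helper names (run_checked, evidence_hash, mounts_are_readonly) are this example's own; ~/null and the image names are the slide's.

```shell
#!/bin/sh
# Added example, not from the slides or from the REMnux/malice projects:
# a wrapper for the `docker run` lines above. It (1) refuses to start a
# container whose -v bind mount is writable, so the tool cannot alter the
# evidence set, and (2) hashes the evidence directory before and after the
# run, so any change is detected rather than assumed not to happen.
# ~/null and the image names are the slide's; the helper names are this
# example's own.

# SHA-256 of stdin; works with GNU coreutils (sha256sum) or BSD/macOS (shasum).
sha256_stdin() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum | cut -d' ' -f1
  else
    shasum -a 256 | cut -d' ' -f1
  fi
}

# One reproducible hash over the names and contents of every regular file
# under a directory (sorted, so traversal order cannot change the value).
evidence_hash() {
  find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
    printf '%s ' "$f"
    sha256_stdin < "$f"
  done | sha256_stdin
}

# Returns 0 only if every `-v SRC:DST[:OPTS]` mount in the arguments ends in
# :ro. Only the two-token `-v VALUE` form used on the slide is recognized;
# `--volume=VALUE` and `--mount` are not parsed and would be let through.
mounts_are_readonly() {
  prev=""
  for arg in "$@"; do
    if [ "$prev" = "-v" ]; then
      case "$arg" in
        *:ro) ;;          # read-only bind mount: acceptable
        *) return 1 ;;    # writable bind mount: reject
      esac
    fi
    prev="$arg"
  done
  return 0
}

# run_checked EVIDENCE_DIR CMD [ARGS...]
#   3: refused, CMD would mount evidence writable (CMD never runs)
#   2: CMD ran but the evidence hash changed
#   otherwise CMD's own exit status
run_checked() {
  evidence="$1"; shift
  if ! mounts_are_readonly "$@"; then
    echo "refusing to run: a -v mount is not read-only" >&2
    return 3
  fi
  before=$(evidence_hash "$evidence")
  "$@"
  status=$?
  after=$(evidence_hash "$evidence")
  if [ "$before" != "$after" ]; then
    echo "WARNING: files under $evidence changed during the run" >&2
    return 2
  fi
  return "$status"
}

# Usage, the Volatility line from the slide with :ro added to the mount:
#   run_checked ~/null docker run --rm -it \
#     -v ~/null:/home/nonroot/memdumps:ro remnux/volatility bash
```

The before/after hash is deliberately kept even though the mount is read-only: it covers the case where the analyst, not the container, touches the directory during the session, and it gives the case notes a value to record alongside the tool output.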
Charlie, you have been awesome; can I make a sandwich for you?
Any Questions Except?
Need more details?
Keep an eye on my blog
https://www.deepshankaryadav.net
Contact Details
Twitter @TheDeepSYadav
E-mail: [email protected]
Web: https://www.deepshankaryadav.com
References
• https://www.docker.com/
• https://www.google.com
• https://digital-forensics.sans.org/
• https://remnux.org/docs/containers/malware-analysis/