Docker Explorer Logo

Docker Explorer

0
Free
Visit Website

This project helps a forensics analyst explore offline Docker filesystems. When analyzing a system where a Docker container has been compromised, it can be useful to have the same view of the filesystem as the container's. Docker uses layered backend filesystems like AuFS or OverlayFS, with each layer stored on the host's filesystem as multiple folders. Some JSON files are used by Docker to know what is what. Installation methods include PPA, PyPI, and cloning the repository. Usage involves finding the interesting container ID, mounting the container's filesystem in /mnt/container, and using tools like log2timeline.py or ls.

FEATURES

ALTERNATIVES

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

A modified version of GNU dd with added features like hashing and fast disk wiping.

A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.

Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.

A powerful tool for analyzing and visualizing system activity timelines.

Documentation project for Digital Forensics Artifact Repository

Online platform for image steganography analysis

Accessing databases stored on a machine by the Chrome browser and dumping URLs found.