Docker Forensics Toolkit

Free

This toolkit allows for post-mortem analysis of Docker runtime environments using forensic HDD copies of the Docker host system. Features include mounting forensic images, displaying status information, listing images and containers, showing image history and configuration, displaying container logs, mounting container file systems, and extracting file system metadata for creating timelines.

ALTERNATIVES

A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.

Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.

A modified version of GNU dd with added features like hashing and fast disk wiping.

A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.

Python tool for remote memory acquisition.

Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.

A powerful tool for analyzing and visualizing system activity timelines.

Open source digital forensics tools for analyzing disk images and recovering files.
