Docker Forensics Toolkit

Free

This toolkit allows for post-mortem analysis of Docker runtime environments using forensic HDD copies of the Docker host system. Features include mounting forensic images, displaying status information, listing images and containers, showing image history and configuration, displaying container logs, mounting container file systems, and extracting file system metadata for creating timelines.

ALTERNATIVES

IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.

Universal hexadecimal editor for computer forensics, data recovery, and IT security.

Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.

Python script to parse the NTFS USN Change Journal.

Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.

Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.

A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.