Forensic analysis of container checkpointsCheck Reference
- Modern cloud infrastructure heavily relies on containerisation, and the past few years have seen the rise of different container runtimes like Docker, Podman, LXD, etc.
- The Checkpoint Restore In Userspace (CRIU) project is used in these container runtimes to allow users to checkpoint a running container to disk, and restore it later.
- This opens up a plethora of possibilities related to containers, like live migration, forensic analysis, stateful reboots, dry runs of updates, etc.
- In this talk, we’ll understand how container checkpointing works under the hood, and how it can be used for forensic analysis of containers.
Want to discuss?