applications/forensics tools

docker-forensics-toolkit - toolkit for performing post-mortem analysis of Docker runtime environments

Website: https://github.com/docker-forensics-toolkit/toolkit
License: ASL 2
Vendor: cert.org
Description:
This package contains a toolkit for performing post-mortem analysis of Docker runtime environments based on forensic HDD copies of the Docker host system.

Features:
 * mount-image - Mounts the forensic image of the Docker host
 * status - Prints status information about the container runtime
 * list-images - Prints images found on the computer
 * show-image-history - Displays the build history of an image
 * show-image-config - Pretty prints the full config file of an image
 * list-containers - Prints containers found on the computer
 * show-container-log - Displays the latest container logfiles
 * show-container-config - Pretty prints the combined container specific config files (config.v2.json and hostconfig.json).
 * mount-container - Mounts the file system of a given container at the given location (overlay2 only)
 * macrobber-container-layer - Extracts file system metadata from the container layer of the given container. Use the output with the 'mactime' tool to create a timeline.
 * macrobber-volumes - Extracts file system metadata from the volumes of the given container. Use the output with the 'mactime' tool to create a timeline.
 * carve-for-deleted-docker-files - Carves the image for deleted Docker files, such as container configs, Dockerfiles and deleted log files. Requires 'scalpel' to be installed.

Packages

docker-forensics-toolkit-0.2.0-2.el8.x86_64 [6.1 MiB]

Changelog by Lawrence R. Rogers (2020-06-29):
* Release 0.2.0-1
	Version 0.2.0 - initial release