Evaluation of file carving tools for forensic investigation in docker containers
| dc.contributor.author | Haribabu, K. | |
| dc.date.accessioned | 2025-05-07T10:16:13Z | |
| dc.date.available | 2025-05-07T10:16:13Z | |
| dc.date.issued | 2023-01 | |
| dc.description.abstract | Container Technology has attracted a lot of attention and is increasingly utilized to deploy the industrial applications. Containers are executable units of software which encapsulate the code along with the libraries and other dependencies in order to facilitate the code to run anywhere. They take advantage of operating system virtualization and can run anything from a small microservice or software process to a larger application. Containers are very lightweight as compared to Virtual Machines. They offer high portability with very less overhead. This emerging field of container technology has attracted a lot of attention from the community of researchers. In this paper, we have performed digital forensics on the Docker containers using file carving techniques in order to test whether the lost data from the deleted containers can be retrieved or not. For this purpose, we have used three popular file carving tools and compared their performance. The results of the experiments show that the file carving is an effective way to recover the lost data from the deleted containers. | en_US |
| dc.identifier.uri | https://ieeexplore.ieee.org/document/9997954 | |
| dc.identifier.uri | http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/18862 | |
| dc.language.iso | en | en_US |
| dc.publisher | IEEE | en_US |
| dc.subject | Computer Science | en_US |
| dc.subject | Containers | en_US |
| dc.subject | Docker | en_US |
| dc.subject | Virtualization | en_US |
| dc.subject | File carving | en_US |
| dc.title | Evaluation of file carving tools for forensic investigation in docker containers | en_US |
| dc.type | Article | en_US |