
Forensics Technology Research In Docker Environment

Posted on: 2019-07-16
Degree: Master
Type: Thesis
Country: China
Candidate: J Xiang
Full Text: PDF
GTID: 2416330590465754
Subject: Computer Science and Technology

Abstract/Summary:
Cloud computing environments are distributed, virtualized, resilient, and multi-tenant. A forensic investigation in the cloud involves more objects and a more complex interactive environment, so traditional digital forensics techniques, methods and tools are not directly applicable to cloud forensics. As one of the main technologies supporting virtualization in cloud computing environments, Docker offers fast, lightweight virtualization and has been adopted by numerous platform-as-a-service (PaaS) systems. Given how closely Docker and cloud computing technology are combined and how rapidly both are developing, forensic research in the Docker environment deserves close attention. The main research contents of this thesis are as follows:

Firstly, building on an analysis of related cloud forensics technology, this thesis describes investigation and evidence collection in the Docker environment. The forensic investigation covers container instances, images, configuration information and file storage, in order to identify the key evidence and the methods for acquiring it, and a Docker-based MySQL database service environment is built for forensic analysis.

Secondly, the thesis proposes a Docker forensics scheme based on the Docker API. The relevant Docker API calls are used to export Docker container instances, make backup copies of container data volumes, and extract key evidence data such as container log information, configuration information and image information. Using Dempster-Shafer (D-S) evidence fusion theory, the probability of evidence integrity being destroyed is assessed along four dimensions: the physical environment, network transmission, the host system, and evidence management. The assessment suggests that forensic data extracted through the Docker API-based framework has higher integrity.

Lastly, this thesis designs and implements a prototype tool based on the Docker API. With only a very short interruption to the running Docker container and very small resource overhead, the tool can obtain the key evidence information in the Docker application container. The thesis verifies and analyzes the tool's functions and forensic efficiency by building an experimental platform on a local virtual machine to collect evidence. The experimental results show that the evidence extraction tool can effectively extract the target evidence and eliminate interference from unrelated containers with the forensic process.
Keywords/Search Tags:cloud forensics, Docker container forensics, Docker API, integrity