A novel file carving algorithm for docker container logs recorded by json-file logging driver. (December 2021)
- Record Type:
- Journal Article
- Title:
- A novel file carving algorithm for docker container logs recorded by json-file logging driver. (December 2021)
- Main Title:
- A novel file carving algorithm for docker container logs recorded by json-file logging driver
- Authors:
- Ge, Song
- Xu, Ming
- Qiao, Tong
- Zheng, Ning
- Abstract:
- In recent years, the container technique has gained increasing attention and there is an urgent demand to improve the methods of forensically investigating attacked containers. Container logs involve sensitive information and are included in most containers. However, there is little research on recovery methods for container logs. In this paper, we propose a novel carving algorithm for container logs in json-file format. To realize this, the json-file data have to be identified based on the intrinsic structure of the log files and the spatial locality of the storage. Then, the identified data are reassembled utilizing prior knowledge of the json-file format and the similarity between log contents. Moreover, the index structure used to retrieve log content is modified so that each search takes fewer computations. Experimental results show that our proposed algorithm performs well and is capable of recovering more json-file log lines than existing carving tools. Highlights: Make available datasets by downloading popular images and running them as containers. Accurate discrimination of json-file data from all other types of data. Reliable reassembly for identified json-file fragments. Modified the vp-tree based on similar patterns among the log contents.
- Is Part Of:
- Forensic science international. Volume 39(2021)
- Journal:
- Forensic science international
- Issue:
- Volume 39(2021)
- Issue Display:
- Volume 39, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 39
- Issue:
- 2021
- Issue Sort Value:
- 2021-0039-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-12
- Subjects:
- Docker forensics -- File carving -- Container log -- JSON
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.fsidi.2021.301272
- Languages:
- English
- ISSNs:
- 2666-2817
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 19999.xml