基于Docker容器的电子数据取证方法

吉林大学学报(理学版) ›› 2019, Vol. 57 ›› Issue (06): 1485-1490.

基于Docker容器的电子数据取证方法

李鹏超^1,2, 周凯¹

1. 重庆警察学院信息安全系, 重庆 401331； 2. 西南大学计算机与信息科学学院, 重庆 400715

收稿日期:2019-08-02 出版日期:2019-11-26 发布日期:2019-11-21
通讯作者: 李鹏超 E-mail:Lipengchao61@qq.com

Electronic Data Forensics Method Based on Docker Container

LI Pengchao^1,2, ZHOU Kai¹

1. Department of Information Security, Chongqing Police College, Chongqing 401331, China；2. College of Computer and Information Science, Southwest University, Chongqing 400715, China

Received:2019-08-02 Online:2019-11-26 Published:2019-11-21
Contact: LI Pengchao E-mail:Lipengchao61@qq.com

摘要/Abstract

摘要： 针对目前基于Docker容器的取证技术缺陷, 提出一种基于Docker主机的调查取证模型, 并根据该取证模型中Docker主机所处不同状态给出有针对性的数据取证方法. 实验结果表明, 利用该模型取证能更有针对性地获取相关电子证据.

关键词: Docker, 容器, 镜像, 数字取证

Abstract: Aiming at the shortcomings of forensic technology based on Docker container, we proposed an investigation and forensics model based on Docker host, and gave a targeted data forensics method according to the different states of the Docker host in
the forensic model. The experimental results show that the forensics can obtain relevant electronic evidence more specifically by using the model.

Key words: Docker, container, image, digital forensic

中图分类号:

TP309.3

李鹏超, 周凯. 基于Docker容器的电子数据取证方法[J]. 吉林大学学报(理学版), 2019, 57(06): 1485-1490.

LI Pengchao, ZHOU Kai. Electronic Data Forensics Method Based on Docker Container[J]. Journal of Jilin University Science Edition, 2019, 57(06): 1485-1490.