DFIR Blog
  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity

Blog

Docker Primer

7/16/2019

 
The image below is an older way to doing things. The image is pretty much self explanatory. Setting up a full stack manually is pretty complex plus you've to deal with compatibility issues as the things changes. The solution is using containerized approach via Docker. Imaging a situation where you've to enter all the commands manually to setup this environment plus keep a track of changes. Isn't it too much?
Picture
Why you need docker?
Below is an image of Dockerized approach. Each component (App) is inside a standalone container fulfilling all it's requirement (Libraries and Dependencies) completely isolated from other app containers.
Picture

Setting up the container environment is hard and complex as they are very low level. Here, Docker offers a high level tool with powerful functions and making it easy for end user to create a container. Solves - Compatibility issue, Easy to use



Picture
So the question is what is a container?
Containers are completely isolated environment. Think of them as a Virtual Machine except they all share same OS kernel.Key thing to remember here is Docker is not meant to run different OS on top of same hardware like Hypervisor in VM.

Docker only cares about the underlying Kernel. In case of Linux, it dosen't matter what distribution (RHEL, Ubuntu, Suse etc) you are running - Docker only care about the Linux kernel.
Container vs VMs
As you can see below in the image. Docker can manage container with Library and Dependencies alone while in case of Hypervisor each virtual machine has it's own Operating System inside it. This is an overhead and due to multiple OS and Kernels it's not efficient and have higher utilization. Consumes higher disk spaces as compared to docker container which also results in quicker boot times for dockerized environment.

With Hypervisor - Higher Utilization of resources, Consumes more space and takes longer to boot up.
Picture
What is the difference between Docker Image and Docker Container?
Well Docker Image is a package/template/plan to create one or more container and containers are running instances of the images. Lot of products are already dockerized but if you cannot find one for your app - you can create your own image too.
What's next?
Install Community Edition and create an account on docker hub.
Docker Hub: https://hub.docker.com/
Docker Installation
Docker installation is pretty straight forward and well documented. Please use the link below to access installation documentation: 
https://docs.docker.com/install/linux/docker-ce/ubuntu/
Docker Commands

    

Docker & Forensics

While searching across docker hub, I stumbled upon a working image of SANS SIFT.
Here is the link: https://hub.docker.com/r/gourav5660/sans_sift_forensics

Comments are closed.

    Mac Forensics
    Windows Forensics
    Forensic Tools

    Categories

    All
    Attack
    Bash
    Bigdata
    Corporate
    Ctf
    Data
    Digital Forensics
    Docker
    EDR
    Forensics
    Hacking
    Hadoop
    HDFS
    Health Care
    Linux
    Memory
    Network
    Network Forensics
    PCIP
    SQL
    Windows
    Wireshark

    Archives

    January 2023
    October 2019
    September 2019
    July 2019
    June 2019
    May 2019
    March 2019
    April 2018
    March 2018
    February 2018
    July 2017
    June 2017
    May 2017
    November 2015
    October 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015

    RSS Feed

  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity