
Research On Forensics On Docker Environment

Posted on: 2018-04-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Lin
Full Text: PDF
GTID: 2348330569986464
Subject: Computer technology
Abstract/Summary:
Because of its virtualization, distribution, multi-tenancy, elasticity and other characteristics, the cloud computing environment poses many challenges to traditional computer forensics in terms of technology, procedure, law and regulation, which makes traditional investigation and forensic methods and technologies difficult to apply directly to cloud environments. Most current evidence-collection studies for cloud computing rely on virtual machine migration or isolation. Although this approach can ensure that the chain of evidence is not broken and that the credibility of the evidence is not affected, virtual machine migration can impose a large performance cost on the cloud environment, and virtual machine isolation can interrupt running business services. At the same time, forensic research on container technology, another implementation of virtualization, has not received due attention. Docker has been one of the most closely watched container technologies of the past three years, and mainstream international cloud providers have rapidly taken notice of it and followed up on it for its ease of use, rapid deployment, low resource cost, high operational efficiency and other features. Like traditional cloud services, Docker-based cloud environments face security threats such as malicious attacks, the storage and distribution of illegal information, and use as a springboard for launching denial-of-service attacks.

To address the lag in research on investigation and evidence collection for Docker environments, this thesis mainly undertakes the following work:

1. Through a comprehensive study of Docker's security risks, the thesis summarizes the risks Docker faces, such as the single system kernel and DDoS attacks, and proposes corresponding risk-handling measures.
2. Based on in-depth research into Docker's working principles, service architecture and underlying implementation, the thesis approaches the investigation problem from the perspective of cloud forensics. It studies the investigation of Docker container environments along multiple dimensions, including file storage and configuration information, in order to identify the key information and the paths for acquiring it, and it builds a complete Docker-based Web service as an example instance for forensic analysis.
3. The thesis designs and implements a prototype forensics system for Bash logs inside Docker containers. Testing shows that the prototype can fetch Bash log information from containers in bulk without interacting with the Docker containers, and can securely transfer it to the forensics server for further analysis.
Keywords/Search Tags:cloud compute, virtualization, docker, computer forensics