CSI Forensics: Unraveling Kubernetes Crime Scenes

Logo
Presented by

Alberto Pellitteri & Stefano Chierici, Sysdig

About this talk

In a security breach, employing well-defined DFIR techniques becomes imperative to effectively mitigate the incident's impact. However, with the spread of the adoption of containers, the employment of DFIR processes and capabilities is not just complex but is increasingly so. Join us in an insightful session covering cutting-edge DFIR practices on container environments. After a short overview of the essence of DFIR, we'll direct our focus towards various advanced DFIR techniques within a Kubernetes environment, which can prove highly beneficial in the event of a compromise. Starting from how to checkpoint compromised apps and restore them in a sandboxed environment for further analysis, we will move to conducting memory forensics on container evidence using old-style open-source DFIR tools. At the end of the presentation, the audience will be familiar with the advantages and disadvantages of the latest DFIR capabilities and have the basics to understand how to use them.
Related topics:

More from this channel

Upcoming talks (2)
On-demand talks (58)
Subscribers (10022)
In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation. Sysdig. Secure Every Second.