Docker Detection and Forensics, ‘Gotta catch them all’!

Cem Gurkok

Track 1

Adopting Docker containers works well for most fast-moving orgs, due to flexibility, isolation, transient existence, and ease of management and patching. On the other hand, it becomes a challenging environment when the sensitivity level of the data traversing the environment increases. Monitoring systems, applications and the network, and performing digital forensics in case of an incident, can easily become daunting tasks in such a volatile environment. In this talk I will discuss monitoring the Docker container pipeline with osquery, and performing memory forensics with the Volatility Framework within the context of detection and incident response, ’cause ‘gotta catch them all’!

Cem Gurkok

Cem specializes in devops security, incident response, digital forensics, malware analysis, litigation consulting, and R&D of security software. Prior to Facebook, he led R&D, incident response and development teams at Salesforce, Terremark, Verizon, LinkedIn and various Fortune 500 companies. He has presented at conferences such as DockerCon, RSA, Forum of Incident Response and Security Teams, Hack In the Box, Open Source Memory Forensics Workshop (OMFW), and EuroForensics, and has written articles and chapters about cloud computing security and incident response for various publications. While not being paranoid about security, he enjoys life with friends and family. Mahalo!