Abstract

Cybercrime on the Internet keeps increasing, and it affects not only web applications that run traditionally under an operating system but also web applications that run in more advanced environments such as container services. Docker, a currently popular container service on the Linux operating system, needs to be secured and needs an incident response mechanism that can investigate a web server attacked by DDoS in a fast, valid, and comprehensive way. This paper discusses an investigation, using the GRR Rapid Response framework, of a web server running in a container service on the Linux operating system that was attacked by DDoS, where the attacker used a Windows operating system to run a DDoS script. This research successfully investigated digital evidence in the form of a log file from the web server running in the container service and digital evidence obtained through netstat on the Windows computer.

Highlights

  • This paper is motivated by the increasing popularity of deploying web applications on container services [1] as cloud computing has risen since 2006

  • As Docker grows in popularity, web applications running inside container services cannot avoid coordinated attacks over the Internet, and those run by Docker are not so different [3]

  • Investigating dynamic data, such as data packets transmitted over the Internet, or collecting traffic data on network interface devices to identify and analyze a DDoS attack on a web server running inside container services requires special methods and tools for digital forensics


Summary

INTRODUCTION

This paper is motivated by the increasing popularity of deploying web applications on container services [1] as cloud computing has risen since 2006. Investigating dynamic data, such as data packets transmitted over the Internet, or collecting traffic data on network interface devices to identify and analyze a DDoS attack on a web server running inside container services requires special methods and tools for digital forensics. This is similar to the special and appropriate procedures needed when investigating a mobile device [6]. The GRR framework was chosen for its excellent features, such as quick response when investigating digital evidence in the form of log files of a web server running inside container services, or when investigating network status on the attacker's computer (both computers run as GRR clients). The results of the investigations on the client computers are sent to the GRR server for analysis and review.
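A triage pass over the kind of web server log evidence described above, as an added example that is not code from the paper or from GRR. It assumes the container uses Docker's json-file log driver and the web server writes combined-format access lines to stdout; the function names, threshold, and sample data are constructed for illustration.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: combined log format prefix "<client ip> - <user> [<timestamp>] "
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse_container_log(text):
    """Yield (client_ip, timestamp) from Docker json-file log text."""
    for raw in text.splitlines():
        try:
            entry = json.loads(raw)      # one JSON object per line
        except json.JSONDecodeError:
            continue                     # truncated or rotated line: skip it
        if not isinstance(entry, dict):
            continue
        m = ACCESS_RE.match(entry.get("log", ""))
        if m:
            yield m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def peak_rates(events, window=timedelta(seconds=10)):
    """Return {ip: highest request count inside any sliding window}."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ip, ts in sorted(events, key=lambda e: e[1]):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:       # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def flood_sources(text, threshold=100, window=timedelta(seconds=10)):
    """Return the clients whose peak rate reaches the (hypothetical) threshold."""
    rates = peak_rates(parse_container_log(text), window)
    return {ip: n for ip, n in rates.items() if n >= threshold}

def _line(ip, second):
    # Constructed sample line (RFC 5737 documentation addresses), not paper data.
    ts = f"10/Mar/2020:10:00:{second:02d} +0000"
    return json.dumps({"log": f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 612 "-" "-"\n',
                       "stream": "stdout", "time": "2020-03-10T10:00:00Z"})

SAMPLE = "\n".join(
    [_line("198.51.100.7", i % 5) for i in range(300)]   # burst from one host
    + [_line("203.0.113.5", s) for s in (1, 20, 45)]     # ordinary client
    + ['{"log":"198.51.100.7 - - [10/Mar/20']            # truncated final line
)

if __name__ == "__main__":
    print(flood_sources(SAMPLE))
```

The flagged addresses are the ones to correlate with connection listings, such as netstat output, collected from a suspected source machine.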

METHODS
A Python3 script to launch a DDoS attack
Result
Findings
CONCLUSION