dissect.target.plugins.apps.containers.docker

Module Contents

Classes

DockerPlugin

References

Attributes

DockerContainerRecord
DockerImageRecord
DOCKER_NS_REGEX

dissect.target.plugins.apps.containers.docker.DockerContainerRecord

dissect.target.plugins.apps.containers.docker.DockerImageRecord

dissect.target.plugins.apps.containers.docker.DOCKER_NS_REGEX

class dissect.target.plugins.apps.containers.docker.DockerPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

References

• https://didactic-security.com/resources/docker-forensics.pdf

• https://didactic-security.com/resources/docker-forensics-cheatsheet.pdf

• https://github.com/google/docker-explorer

__namespace__ = 'docker'

DOCKER_PATH = '/var/lib/docker'

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

images() → Iterator[DockerImageRecord]

Returns any pulled docker images on the target system.

containers() → Iterator[DockerContainerRecord]

Returns any docker containers present on the target system.