Forensic Analysis of Podman Containers Against a Metasploit Backdoor Using Checkpointctl (original title: Analisa Forensik Kontainer Podman Terhadap Backdoor Metasploit Menggunakan Checkpointctl)

Hafiidh Akbar Sya'bani, Chaerul Umam, L Budi Handoko

Abstract


Container systems are a type of virtualization technology that provides an isolated environment. That isolation does not make cyber attacks on a container impossible. In this research, containers in which a cyber incident had occurred were examined forensically through the container's memory in order to obtain digital evidence. The forensic process follows the NIST framework, with the stages of collection, examination, analysis and reporting. It begins by checkpointing the container to capture the contents of its memory. In Podman the checkpoint is taken on one container and, when exported, produces a .tar.gz file containing the state of that container. Once the checkpoint is complete, the checkpoint file is read with a tool called checkpointctl. The forensic results showed that the container was running a malicious program: a backdoor in the form of a file with the PHP extension.

Keywords


Forensics; Containers; Podman; Checkpoint; NIST


DOI: http://dx.doi.org/10.26623/transformatika.v21i2.8109


Jurnal Transformatika: Journal of Information Technology, by the Department of Information Technology, Faculty of Information Technology and Communication, Semarang University, is licensed under a Creative Commons Attribution 4.0 International License.