How to perform a memory dump of a Docker container from outside

I’m trying to find a way to perform a memory dump on a Docker container in order to perform memory forensics (to detect malware exploits, for example). I would like to be able to use the same methods I use on a virtual machine. The problem is that Docker containers (and any kind of Linux containers) use memory in a different way – containers share resources, use namespaces and cgroups…

I’d like to program a tool that performs this but am a bit lost as to where to begin.

How would one approach this problem?

Thanks in advance!

Answer

These days you can use the experimental Docker feature checkpoint and restore: https://github.com/boucher/docker/blob/cr-combined/experimental/checkpoint_restore.md.

There is a howto available at https://criu.org/Docker.

User contributions licensed under: CC BY-SA
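
The checkpoint approach from the answer, sketched as an added example that is not part of the original answer: it checkpoints a running container without stopping it, records a SHA-256 manifest of the resulting CRIU image files so later analysis can show they are unchanged, and lists the files that hold the raw memory pages. The function names and script arguments are illustrative; it assumes a Docker daemon with experimental features enabled, CRIU installed on the host, and enough privilege to read the checkpoint directory.

```sh
#!/bin/sh
# Added example (not from the original answer). Function names are illustrative.
# Assumes: Docker daemon with experimental features enabled, CRIU on the host,
# and enough privilege to read the checkpoint directory.

# checkpoint_container CONTAINER NAME DIR
# --leave-running keeps the workload up; without it the container stops after the dump.
checkpoint_container() {
    docker checkpoint create --leave-running --checkpoint-dir "$3" "$1" "$2"
}

# hash_manifest DIR: print a SHA-256 line for every file under DIR (paths relative to DIR).
hash_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done )
}

# verify_manifest DIR MANIFEST: succeed only if every listed file still matches.
verify_manifest() {
    manifest="$(cd "$(dirname "$2")" && pwd)/$(basename "$2")"
    ( cd "$1" && sha256sum -c "$manifest" >/dev/null 2>&1 )
}

# list_page_images DIR: CRIU stores the raw memory pages in pages-*.img files.
list_page_images() {
    find "$1" -type f -name 'pages-*.img' | LC_ALL=C sort
}

# Usage: ./checkpoint-evidence.sh CONTAINER CHECKPOINT_NAME OUTPUT_DIR
# (use an absolute path for OUTPUT_DIR)
if [ "$#" -eq 3 ]; then
    out="${3%/}"
    mkdir -p "$out"
    checkpoint_container "$1" "$2" "$out" || exit 1
    hash_manifest "$out" > "$out.sha256"   # manifest kept outside the evidence dir
    list_page_images "$out"
fi
```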