Web Forensic on Container Services Using Grr Rapid Response Framework

Imam Riadi, Rusydi Umar, Andi Sugandi


Cybercrime on Internet that keeps increasing does not only take place in the environment that running web applications traditionally under operating system, but also web applications that are running in more advance environment like container service. Docker is a currently popular container service in Linux operating system needs to be secured and implements incident response mechanisme that will investigate web server that was attacked by DDoS in fast, valid, and comprehesive way. This paper discusses the investigation using Grr Rapid Response framework on web server that was attacked by DDoS running in container service on Linux operating system, and the attacker using Windows oprating system that runs DDos script. This research has succesfully investigated digital evidence in the form of log file from web server running on container service and digital evidence through netstat on Windows computer.


Forensics, Network, Docker Container, Grr Rapid Response, Web

Full Text:



Liu, D., & Zhao, L. (2014, December). The research and implementation of cloud computing platform based on docker. In 2014 11th International Computer Conference on Wavelet Actiev Media Technology and Information Processing (ICCWAMTIP) (pp. 475-478). IEEE.

Datadog. (2018, June 13). Eight Surprising Facts About Real Docker Adoption. Retrieved from https://www.datadoghq.com/docker-adoption

Combe, T., Martin, A., & Di Pietro, R. (2016). To Docker or Not to Docker: A Security Perspective. IEEE Cloud Computing, 3(5), 54-62.

Jingna, L. (2012, July). An analysis on DoS attack and defense technology. In 2012 7th International Conference on Computer Science & Education (ICCSE) (pp. 1102-1105). IEEE.

Mualfah, D., & Riadi, I. (2017). Network Forensics For Detecting Flooding Attack On Web Server. International Journal of Computer Science and Information Security, 15(2), 326.

Palmer, G. (2001, August). A road map for digital forensic research. In First Digital Forensic Research Workshop, Utica, New York (pp. 27-30).

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to integrating forensic techniques into incident response. NIST Special Publication, 10(14), 800-86.

Umar, R., Riadi, I., & Zamroni, G. M. (2018). Mobile forensic tools evaluation for digital crime investigation. International Journal on Advanced Science, Engineering and Information Technology, 8(3), 949-955.

Albanna, F., & Riadi, I. (2017). Forensic Analysis of Frozen Hard Drive Using Static Forensics Method. International Journal of Computer Science and Information Security (IJCSIS), 15(1).

Riadi, I., Istiyanto, J. E., & Ashari, A. (2013). Log analysis techniques using clustering in network forensics. arXiv preprint arXiv:1307.0072

Zulkifli, M. A., & Dahlan, U. A. (2018). Live Forensics Method for Analysis Denial of Service (DOS) Attack on Routerboard. Int. J. Comput. Appl, 180(35), 23-30.

Yudhana, A., Riadi, I., & Ridho, F. (2018). DDoS Classification Using Neural Network and Naïve Bayes Methods for Network Forensics. International Journal Of Advanced Computer Science And Applications, 9(11), 177-183.

Kaushik, A. K., Pilli, E. S., & Joshi, R. C. (2010, February). Network forensic system for port scanning attack. In 2010 IEEE 2nd International Advance Computing Conference (IACC) (pp. 310-315). IEEE.

Kupreev, O., Badovskaya, E., & Gutnikov, A. (2019, March 7). DDoS Attacks in Q4 2018. Retrieved from https://securelist.com/ddos-attacks-in-q4-2018/89565/

Cohen, M. I., Bilby, D., & Caronni, G. (2011). Distributed forensics and incident response in the enterprise. digital investigation, 8, S101-S110.

Moser, A., & Cohen, M. I. (2013). Hunting in the enterprise: Forensic triage and incident response. Digital Investigation, 10(2), 89-98.

Cruz, F., Moser, A., & Cohen, M. (2015). A scalable file based data store for forensic analysis. Digital Investigation, 12, S90-S101.

Acharya, S., Glenn, W., & Carr, M. (2015, November). A GRReat framework for incident response in healthcare. In 2015 IEEE International Conference on Bioinformatics and Biomedicine (BIBM) (pp. 776-778). IEEE.

Rasheed, H., Hadi, A., & Khader, M. (2017, October). Threat Hunting Using GRR Rapid Response. In 2017 International Conference on New Trends in Computing Sciences (ICTCS) (pp. 155-160). IEEE.

Juggernaut. (2017, September 28). A working example of nginx flask postgres multi-container setup using Docker Compose. Retrieved from https://github.com/juggernaut/nginx-flask-postgres-docker-compose-example/tree/auto-reload-nginx-with-python

Docker Inc. (2017, September 28). Docker Compose. Retrieved from https://docs.docker.com/compose/

Docker Inc. (2017, September 28). View logs for a container or service. Retrieved from https://docs.docker.com/config/containers/logging/

DOI: https://doi.org/10.15294/sji.v7i1.18299


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.