No video of the event yet, sorry!

Computer clusters built with Docker Swarm need proper, fully technical administration: not only securing the whole system against attackers, but also investigating an attack after an incident. When an intruder succeeds in attacking web apps running on a Docker Swarm cluster, DevOps and security practitioners should work together to collect the digital evidence, examine and utilize it, and finally review the findings to identify policy shortcomings, procedural errors, and other issues that may need to be remedied.

Those combined activities (acquisition, examination, utilization, and review) and the underlying science are called digital forensics; when they take place on, or relate to, computer networks, the field is called network forensics.

GRR Rapid Response (GRR) is an open-source incident response framework for remote live forensics: agents installed on the hosts collect digital evidence (for example web app and server logs) on demand, so investigators can acquire and examine it across a computer network, including the nodes of a cluster built with Docker Swarm.

This talk will present the implementation of the GRR Rapid Response framework on an openSUSE server to investigate digital evidence on Docker Swarm clusters after an intruder has attacked the web apps running on those clusters, in this case with DDoS attacks.
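The examination step that follows acquisition, as an added example that is not part of the talk or of GRR itself: once web server access logs have been copied off each Swarm node (for instance with a GRR file-collection flow), the investigator fingerprints each log for chain of custody and looks for the request flood behind the DDoS. The log format (nginx/Apache "combined"), the per-node layout, the 100 requests/minute threshold, and all sample lines are assumptions constructed for this example. One point the example makes that the abstract does not: Swarm's ingress routing mesh spreads one client's connections across nodes, so per-source counts must be summed across all node logs before comparing against a threshold.

```python
"""Examine access logs acquired from Docker Swarm nodes for a request flood.

Added example, not GRR code. Assumed (not from the original abstract):
combined-format access logs, one list of lines per Swarm node, already
acquired from the nodes. All sample lines below are constructed.
"""
import hashlib
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _constructed_lines(ip, start, count, per_second=1, path="/login"):
    """Build `count` constructed combined-format lines at `per_second` rate."""
    lines = []
    for i in range(count):
        ts = (start + timedelta(seconds=i // per_second)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')
    return lines


T0 = datetime(2018, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

# Constructed sample evidence, one log per Swarm node (not real captures).
# 203.0.113.7 sends 3 requests/second for a full minute to node1; the
# legitimate client 198.51.100.2 is spread over both nodes by the routing mesh.
SAMPLE_LOGS = {
    "node1": (
        _constructed_lines("198.51.100.2", T0, 10)
        + _constructed_lines("203.0.113.7", T0, 180, per_second=3)
        + ["garbage line that does not parse"]   # damaged evidence must not crash the run
    ),
    "node2": _constructed_lines("198.51.100.2", T0, 5),
}


def evidence_hash(lines):
    """SHA-256 over the acquired log lines, recorded as a chain-of-custody fingerprint."""
    h = hashlib.sha256()
    for line in lines:
        h.update(line.encode() + b"\n")
    return h.hexdigest()


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT)
    return {"ip": m["ip"], "minute": ts.replace(second=0),
            "req": m["req"], "status": int(m["status"])}


def requests_per_minute(lines):
    """Count requests per (source IP, minute); also report unparsable lines."""
    counts = Counter()
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        counts[(rec["ip"], rec["minute"])] += 1
    return counts, unparsed


def flag_flood_sources(logs, threshold=100):
    """Sum per-IP counts across all node logs and flag IPs whose peak
    requests/minute exceeds `threshold`. Returns ({ip: (peak, minute)}, unparsed)."""
    total = Counter()
    total_unparsed = 0
    for lines in logs.values():
        counts, unparsed = requests_per_minute(lines)
        total.update(counts)          # cross-node sum: the mesh splits one client over nodes
        total_unparsed += unparsed
    peak = {}
    for (ip, minute), n in total.items():
        if n > threshold and n > peak.get(ip, (0, None))[0]:
            peak[ip] = (n, minute)
    return peak, total_unparsed


if __name__ == "__main__":
    for node, lines in SAMPLE_LOGS.items():
        print(f"{node}: {len(lines)} lines, sha256={evidence_hash(lines)}")
    flagged, bad = flag_flood_sources(SAMPLE_LOGS)
    print(f"unparsable lines: {bad}")
    for ip, (n, minute) in flagged.items():
        print(f"flood source {ip}: {n} req/min at {minute.isoformat()}")
```

The hashes belong in the case notes before any analysis starts, so that the examined copy can later be shown identical to what was acquired; the unparsable-line count is reported rather than silently dropped because damaged or truncated log lines are themselves evidence worth noting in the review phase.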