DOCSLIB.ORG

Digital Forensics with Open Source Tools-Slicer.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Digital Forensics with Open Source Tools This page intentionally left blank Digital Forensics with Open Source Tools Cory Altheide Harlan Carvey Technical Editor Ray Davidson AMSTERDAM • BOSTON • HEIDELBERG • LONDON NEW YORK • OXFORD • PARIS • SAN DIEGO SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO Syngress is an imprint of Elsevier Acquiring Editor: Angelina Ward Development Editor: Heather Scherer Project Manager: Andre Cuello Designer: Joanne Blank Syngress is an imprint of Elsevier 225 Wyman Street, Waltham, MA 02451, USA © 2011 Elsevier, Inc. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein). Notices Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility. To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein. Library of Congress Cataloging-in-Publication Data Application submitted British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library. ISBN: 978-1-59749-586-8 Printed in the United States of America 11 12 13 14 10 9 8 7 6 5 4 3 2 1 Typeset by: diacriTech, India For information on all Syngress publications visit our website at www.syngress.com Contents About the Authors �����������������������������������������������������������������������������������������������������xi Acknowledgments ...................................................................................................xiii Introduction ..............................................................................................................xv CHAPTER 1 Digital Forensics with Open Source Tools ��������������������������������� 1 Welcome to “Digital Forensics with Open Source Tools” ..............1 What Is “Digital Forensics?” ..........................................................1 Goals of Forensic Analysis .........................................................2 The Digital Forensics Process ....................................................3 What Is “Open Source?” .................................................................4 “Free” vs. “Open”.......................................................................4 Open Source Licenses ................................................................5 Benefits of Open Source Tools ........................................................5 Education ....................................................................................5 Portability and Flexibility ...........................................................6 Price ............................................................................................6 Ground Truth ..............................................................................7 Summary .........................................................................................7 References .......................................................................................8 CHAPTER 2 Open Source Examination Platform ������������������������������������������ 9 Preparing the Examination System .................................................9 Building Software.......................................................................9 Installing Interpreters ...............................................................10 Working with Image Files ........................................................10 Working with File Systems ......................................................10 Using Linux as the Host ................................................................10 Extracting Software ..................................................................11 GNU Build System ...................................................................12 Version Control Systems ..........................................................16 Installing Interpreters ...............................................................16 Working with Images ...............................................................19 Using Windows as the Host ..........................................................26 Building Software.....................................................................26 Installing Interpreters ...............................................................27 Working with Images ...............................................................31 Working with File Systems ......................................................34 Summary .......................................................................................37 References .....................................................................................37 vi Contents CHAPTER 3 Disk and File System Analysis ����������������������������������������������� 39 Media Analysis Concepts ..............................................................39 File System Abstraction Model ................................................40 The Sleuth Kit ...............................................................................41 Installing the Sleuth Kit ............................................................41 Sleuth Kit Tools ........................................................................42 Partitioning and Disk Layouts .......................................................52 Partition Identification and Recovery .......................................52 Redundant Array of Inexpensive Disks ....................................53 Special Containers .........................................................................54 Virtual Machine Disk Images ...................................................54 Forensic Containers ..................................................................55 Hashing .........................................................................................56 Carving ..........................................................................................58 Foremost ...................................................................................59 Forensic Imaging ...........................................................................61 Deleted Data .............................................................................61 File Slack ..................................................................................62 dd ..............................................................................................64 dcfldd ........................................................................................65 dc3dd ........................................................................................66 Summary .......................................................................................67 References .....................................................................................67 CHAPTER 4 Windows Systems and Artifacts ��������������������������������������������� 69 Introduction ...................................................................................69 Windows File Systems ..................................................................69 File Allocation Table ................................................................69 New Technology File System ...................................................71 File System Summary ..............................................................77 Registry .........................................................................................78 Event Logs ....................................................................................84 Prefetch Files .................................................................................87 Shortcut Files ................................................................................89 Windows Executables ...................................................................89 Summary .......................................................................................93 References .....................................................................................93 CHAPTER 5 Linux Systems and Artifacts ��������������������������������������������������� 95 Introduction ...................................................................................95 Linux File Systems ........................................................................95 Contents vii File System Layer .....................................................................96
Recommended publications
  • How to Create a Custom Live CD for Secure Remote Incident Handling in the Enterprise

    How to Create a Custom Live CD for Secure Remote Incident Handling in the Enterprise

    How to Create a Custom Live CD for Secure Remote Incident Handling in the Enterprise Abstract This paper will document a process to create a custom Live CD for secure remote incident handling on Windows and Linux systems. The process will include how to configure SSH for remote access to the Live CD even when running behind a NAT device. The combination of customization and secure remote access will make this process valuable to incident handlers working in enterprise environments with limited remote IT support. Bert Hayes, [email protected] How to Create a Custom Live CD for Remote Incident Handling 2 Table of Contents Abstract ...........................................................................................................................................1 1. Introduction ............................................................................................................................5 2. Making Your Own Customized Debian GNU/Linux Based System........................................7 2.1. The Development Environment ......................................................................................7 2.2. Making Your Dream Incident Handling System...............................................................9 2.3. Hardening the Base Install.............................................................................................11 2.3.1. Managing Root Access with Sudo..........................................................................11 2.4. Randomizing the Handler Password at Boot Time ........................................................12
  • In Search of the Ideal Storage Configuration for Docker Containers

    In Search of the Ideal Storage Configuration for Docker Containers

    In Search of the Ideal Storage Configuration for Docker Containers Vasily Tarasov1, Lukas Rupprecht1, Dimitris Skourtis1, Amit Warke1, Dean Hildebrand1 Mohamed Mohamed1, Nagapramod Mandagere1, Wenji Li2, Raju Rangaswami3, Ming Zhao2 1IBM Research—Almaden 2Arizona State University 3Florida International University Abstract—Containers are a widely successful technology today every running container. This would cause a great burden on popularized by Docker. Containers improve system utilization by the I/O subsystem and make container start time unacceptably increasing workload density. Docker containers enable seamless high for many workloads. As a result, copy-on-write (CoW) deployment of workloads across development, test, and produc- tion environments. Docker’s unique approach to data manage- storage and storage snapshots are popularly used and images ment, which involves frequent snapshot creation and removal, are structured in layers. A layer consists of a set of files and presents a new set of exciting challenges for storage systems. At layers with the same content can be shared across images, the same time, storage management for Docker containers has reducing the amount of storage required to run containers. remained largely unexplored with a dizzying array of solution With Docker, one can choose Aufs [6], Overlay2 [7], choices and configuration options. In this paper we unravel the multi-faceted nature of Docker storage and demonstrate its Btrfs [8], or device-mapper (dm) [9] as storage drivers which impact on system and workload performance. As we uncover provide the required snapshotting and CoW capabilities for new properties of the popular Docker storage drivers, this is a images. None of these solutions, however, were designed with sobering reminder that widespread use of new technologies can Docker in mind and their effectiveness for Docker has not been often precede their careful evaluation.
  • Understanding the Performance of Container Execution Environments

    Understanding the Performance of Container Execution Environments

    Understanding the performance of container execution environments Guillaume Everarts de Velp, Etienne Rivière and Ramin Sadre [email protected] EPL, ICTEAM, UCLouvain, Belgium Abstract example is an automatic grading platform named INGIn- Many application server backends leverage container tech- ious [2, 3]. This platform is used extensively at UCLouvain nologies to support workloads formed of short-lived, but and other institutions around the world to provide computer potentially I/O-intensive, operations. The latency at which science and engineering students with automated feedback container-supported operations complete impacts both the on programming assignments, through the execution of se- users’ experience and the throughput that the platform can ries of unit tests prepared by instructors. It is necessary that achieve. This latency is a result of both the bootstrap and the student code and the testing runtime run in isolation from execution time of the containers and is impacted greatly by each others. Containers answer this need perfectly: They the performance of the I/O subsystem. Configuring appro- allow students’ code to run in a controlled and reproducible priately the container environment and technology stack environment while reducing risks related to ill-behaved or to obtain good performance is not an easy task, due to the even malicious code. variety of options, and poor visibility on their interactions. Service latency is often the most important criteria for We present in this paper a benchmarking tool for the selecting a container execution environment. Slow response multi-parametric study of container bootstrap time and I/O times can impair the usability of an edge computing infras- performance, allowing us to understand such interactions tructure, or result in students frustration in the case of IN- within a controlled environment.
  • Container-Based Virtualization for Byte-Addressable NVM Data Storage

    Container-Based Virtualization for Byte-Addressable NVM Data Storage

    2016 IEEE International Conference on Big Data (Big Data) Container-Based Virtualization for Byte-Addressable NVM Data Storage Ellis R. Giles Rice University Houston, Texas [email protected] Abstract—Container based virtualization is rapidly growing Storage Class Memory, or SCM, is an exciting new in popularity for cloud deployments and applications as a memory technology with the potential of replacing hard virtualization alternative due to the ease of deployment cou- drives and SSDs as it offers high-speed, byte-addressable pled with high-performance. Emerging byte-addressable, non- volatile memories, commonly called Storage Class Memory or persistence on the main memory bus. Several technologies SCM, technologies are promising both byte-addressability and are currently under research and development, each with dif- persistence near DRAM speeds operating on the main memory ferent performance, durability, and capacity characteristics. bus. These new memory alternatives open up a new realm of These include a ReRAM by Micron and Sony, a slower, but applications that no longer have to rely on slow, block-based very large capacity Phase Change Memory or PCM by Mi- persistence, but can rather operate directly on persistent data using ordinary loads and stores through the cache hierarchy cron and others, and a fast, smaller spin-torque ST-MRAM coupled with transaction techniques. by Everspin. High-speed, byte-addressable persistence will However, SCM presents a new challenge for container-based give rise to new applications that no longer have to rely on applications, which typically access persistent data through slow, block based storage devices and to serialize data for layers of block based file isolation.
  • Ubuntu Server Guide Basic Installation Preparing to Install

    Ubuntu Server Guide Basic Installation Preparing to Install

    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
  • Scibian 9 HPC Installation Guide

    Scibian 9 HPC Installation Guide

    Scibian 9 HPC Installation guide CCN-HPC Version 1.9, 2018-08-20 Table of Contents About this document . 1 Purpose . 2 Structure . 3 Typographic conventions . 4 Build dependencies . 5 License . 6 Authors . 7 Reference architecture. 8 1. Hardware architecture . 9 1.1. Networks . 9 1.2. Infrastructure cluster. 10 1.3. User-space cluster . 12 1.4. Storage system . 12 2. External services . 13 2.1. Base services. 13 2.2. Optional services . 14 3. Software architecture . 15 3.1. Overview . 15 3.2. Base Services . 16 3.3. Additional Services. 19 3.4. High-Availability . 20 4. Conventions . 23 5. Advanced Topics . 24 5.1. Boot sequence . 24 5.2. iPXE Bootmenu Generator. 28 5.3. Debian Installer Preseed Generator. 30 5.4. Frontend nodes: SSH load-balancing and high-availability . 31 5.5. Service nodes: DNS load-balancing and high-availability . 34 5.6. Consul and DNS integration. 35 5.7. Scibian diskless initrd . 37 Installation procedure. 39 6. Overview. 40 7. Requirements . 41 8. Temporary installation node . 44 8.1. Base installation . 44 8.2. Administration environment . 44 9. Internal configuration repository . 46 9.1. Base directories . 46 9.2. Organization settings . 46 9.3. Cluster directories . 48 9.4. Puppet configuration . 48 9.5. Cluster definition. 49 9.6. Service role . 55 9.7. Authentication and encryption keys . 56 10. Generic service nodes . 62 10.1. Temporary installation services . 62 10.2. First Run. 62 10.3. Second Run . 64 10.4. Base system installation. 64 10.5. Ceph deployment . 66 10.6. Consul deployment.
  • Aligning Intent and Behavior in Software Systems: How Programs Communicate & Their Distribution and Organization

    Aligning Intent and Behavior in Software Systems: How Programs Communicate & Their Distribution and Organization

    © 2020 William B. Dietz ALIGNING INTENT AND BEHAVIOR IN SOFTWARE SYSTEMS: HOW PROGRAMS COMMUNICATE & THEIR DISTRIBUTION AND ORGANIZATION BY WILLIAM B. DIETZ DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate College of the University of Illinois at Urbana-Champaign, 2020 Urbana, Illinois Doctoral Committee: Professor Vikram Adve, Chair Professor John Regehr, University of Utah Professor Tao Xie Assistant Professor Sasa Misailovic ABSTRACT Managing the overwhelming complexity of software is a fundamental challenge because complex- ity is the root cause of problems regarding software performance, size, and security. Complexity is what makes software hard to understand, and our ability to understand software in whole or in part is essential to being able to address these problems effectively. Attacking this overwhelming complexity is the fundamental challenge I seek to address by simplifying how we write, organize and think about programs. Within this dissertation I present a system of tools and a set of solutions for improving the nature of software by focusing on programmer’s desired outcome, i.e. their intent. At the program level, the conventional focus, it is impossible to identify complexity that, at the system level, is unnecessary. This “accidental complexity” includes everything from unused features to independent implementations of common algorithmic tasks. Software techniques driving innovation simultaneously increase the distance between what is intended by humans – developers, designers, and especially the users – and what the executing code does in practice. By preserving the declarative intent of the programmer, which is lost in the traditional process of compiling and linking and building software, it is easier to abstract away unnecessary details.
  • Xrac: Execution and Access Control for Restricted Application Containers on Managed Hosts

    Xrac: Execution and Access Control for Restricted Application Containers on Managed Hosts

    xRAC: Execution and Access Control for Restricted Application Containers on Managed Hosts Frederik Hauser, Mark Schmidt, and Michael Menth Chair of Communication Networks, University of Tuebingen, Tuebingen, Germany Email: {frederik.hauser,mark-thomas.schmidt,menth}@uni-tuebingen.de Abstract—We propose xRAC to permit users to run spe- or Internet access. That means, appropriate network control cial applications on managed hosts and to grant them access elements, e.g., firewalls or SDN controllers, may be informed to protected network resources. We use restricted application about authorized RACs and their needs. The authorized traffic containers (RACs) for that purpose. A RAC is a virtualization container with only a selected set of applications. Authentication can be identified by the RAC’s IPv6 address. We call this verifies the RAC user’s identity and the integrity of the RAC concept xRAC as it controls execution and access for RACs. image. If the user is permitted to use the RAC on a managed We mention a few use cases that may benefit from xRAC. host, launching the RAC is authorized and access to protected RACs may allow users to execute only up-to-date RAC network resources may be given, e.g., to internal networks, images. Execution of a RAC may be allowed only to special servers, or the Internet. xRAC simplifies traffic control as the traffic of a RAC has a unique IPv6 address so that it can users or user groups, e.g., to enforce license restrictions. be easily identified in the network. The architecture of xRAC Only selected users in a high-security area may get access to reuses standard technologies, protocols, and infrastructure.
  • How to Run Ubuntu, Chromiumos, Android at the Same Time on an Embedded Device

    How to Run Ubuntu, Chromiumos, Android at the Same Time on an Embedded Device

    How to run Ubuntu, ChromiumOS, Android at the Same Time on an Embedded Device Grégoire Gentil Founder Always Innovating Embedded Linux Conference April 2011 Why should I stay and attend this talk? ● Very cool demos that you have never seen before! ● Win some USB dongles and USB-to-HDMI adapters (Display Link inside, $59 value)!!! ● Come in front rows, you will better see the Pandaboard demo on multiple screens Objective of the talk ● Learn how to run multiple operating systems... ● AIOS (Angstrom fork), Ubuntu Maverick, Android Gingerbread, ChromiumOS ● …on a single ARM device (Beagleboard-xM, Pandaboard)... ● …at the same time, natively, with zero performance loss... ● …connected to one or multiple monitors simultaneously!!!! Where does it come from? (1/2) ● Hardware is becoming so versatile Where does it come from? (2/2) ● Open source is so fragmented ● => “Single” (between quote) Linux but with different userspace stacks How do we do it? ● Obviously: chroot ● Key lesson of this talk: simple theoretically, difficult to implement it right ● Kind of Rubik's cube puzzle – When assembling a face, you destroy the others ● Key issues along the way – Making work the core OS – Problem of managing output (video) – Problem of managing all inputs (HID, network) => End-up patching everything in kernel and OS Live Demo ChromiumOS Android AIOS Beagleboard xM TI OMAP3 Ubuntu AIOS ChromiumOS Android Pandaboard TI OMAP4 Multiple OS running side-by-side ● One kernel, multiple ARM native root file systems ● Hot-switchable at runtime ● Much faster than a usual virtual machine architecture AIOS Android Ubuntu Chromium Gentoo rootfs rootfs rootfs rootfs rootfs ..
  • Ubuntuguide Part2

    Ubuntuguide Part2

    UbuntuGuide Part2 - http://ubuntuguide.org/index.php?title=UbuntuGuide_Part2&... UbuntuGuide Part2 From Contents 1 Boot from a Live CD 2 UEFI 3 Coreboot 4 Multiple OS Installation 4.1 Introduction 4.1.1 Using Grub Legacy for the boot partition 4.2 Partition design 4.3 Windows partitions 4.3.1 Changing Windows partition sizes 4.3.1.1 Using Shrink Volume on Vista and Windows 7 4.3.1.2 Reinstalling Vista or Windows 7 on a new partition 4.3.1.2.1 Using Windows Recovery Disks 4.3.1.3 Windows XP (or earlier) 4.3.1.4 Windows bootloaders 4.4 Install your first Linux OS 4.5 Copy boot files to the small Grub partition 4.6 Reinstall Grub to MBR 4.7 Install your second Linux OS 4.8 Changing main Grub boot menu settings 4.8.1 Using UUIDs for the main Grub bootloader menu 4.8.2 Add MacOSX entry 4.9 Re-installing Grub Legacy after Windows upgrade or re-installation 4.10 Other chainloader options 4.10.1 Chainloading Grub2 from Grub Legacy 4.11 The (hd0,9) problem 4.12 Protecting Grub Legacy from cracking 4.13 Manipulating partitions on the hard drive 5 Manipulating Partitions 5.1 Use the (K)Ubuntu Desktop LiveCD 5.2 Use GParted to manage partitions 5.3 One linux-swap partition per computer 5.4 Creating and "moving" free space 5.5 Creating or resizing a partition 5.6 Changing Grub Legacy in a boot partition 5.7 Changing Grub2 in a changed partition 5.7.1 Booting (K)Ubuntu manually from Grub Legacy 5.7.2 Discovering the current kernel files manually 5.8 Changing Grub Legacy in a changed partition 6 Virtualbox in Windows 6.1 Install Virtualbox in Windows 6.2 Install Ubuntu edition for virtual machines 6.2.1 Install a desktop 6.2.2 Install Linux Guest Additions 6.2.3 Creating shared folders 7 Android emulation 7.1 Android-x86 in VirtualBox 7.1.1 Networking for Android-x86 7.1.1.1 Wired networking for Android-x86 RC 4.0RC1 7.1.2 Installing apps 7.1.2.1 Modified apps 7.1.3 Usage tips 7.2 Android SDK emulator 7.2.1 Networking for Android SDK 7.2.2 Installing an app 1 of 177 08/10/2013 09:04 AM UbuntuGuide Part2 - http://ubuntuguide.org/index.php?title=UbuntuGuide_Part2&..
  • Union Mounts

    Union Mounts

    Union mounts http://valerieaurora.org/union/ Valerie Aurora Red Hat, Inc. <[email protected]> Overview ● The problem ● Existing solutions ● Union mounts ● Why not unionfs? ● Limitations of unionfs ● What you can do ● How to take over the world with union mounts and Puppet What's the problem? ● Lots of nearly identical root file systems ● Virtual machines ● Any cluster ● LiveCD ● Could we share some of these? Ways to share file systems ● Copy-on-write (COW) block devices ● NFS-exported root file system ● Other network/cluster file systems ● Snapshots Why do we need union mounts? ● COW block device inefficient, divergent ● NFS server gets overloaded ● Cluster file system is needlessly heavyweight ● Snapshots are limited to a single system Solution: file-level sharing ● Take one read-only file system (shared) ● Add one local writable file system ● Lookups “fall through” to lower read-only fs ● Writes go to topmost writable fs ● Writes to lower fs trigger copy-up to topmost fs Sounds like... unionfs ● Unionfs and aufs panic the kernel ● Unionfs architecture is fundamentally broken ● Al Viro's canonical explanation here: http://lkml.indiana.edu/hypermail/linux/kernel/0802.0/0839.html ● University research project ● Unmerged for 7 years and counting Why union mounts is different ● Implemented in the VFS ● Designed with help of VFS maintainers ● Many fewer features Limitations of union mounts ● open(O_RDONLY) gets you a different file from open (O_RDWR) ● fchmod()/fchown()/futimensat() on fd don't work ● Only one writable layer ● Requires on-disk format changes to topmost fs What you can do ● Use open(O_RDONLY) ● Don't use fchmod()/fchown()/futimensat() on fd ● Don't access same file from multiple fds ● Let your engineers work on union mounts ● Review ● Test ● http://valerieaurora.org/union/ Puppet + Union mounts = World Domination Thank you Jan Blunck Miklos Szeredi Felix Fietkau Al Viro Erez Zadok Christoph Hellwig J.
  • Current Events in Container Storage

    Current Events in Container Storage

    Current Events in Container Storage Keith Hudgins Docker 2019 Storage Developer Conference. © Docker, Inc. All Rights Reserved. 1 Container Community Orgs ▪ Cloud Native Computing Foundation (CNCF) ▪ https://www.cncf.io/ ▪ Open Container Initiative (OCI) ▪ https://www.opencontainers.org/ ▪ Both are part of the Linux Foundation ▪ https://www.linuxfoundation.org/ 2019 Storage Developer Conference. © Docker, Inc. All Rights Reserved. 2 Container Runtimes ▪ Docker ▪ Default for most container installs, widest user base ▪ 20 million+ Docker Community Engine installs alone ▪ Containerd ▪ Fully graduated CNCF project (as of Feb 2019) ▪ Windows and Linux container runtime ▪ Upstream of Docker (for Linux, anyway) ▪ CoreOS (rkt) ▪ CoreOS acquired by RedHat May 2018 ▪ rkt archived by CNCF as of 8/16/2019 ▪ CRI-O ▪ Default runtime for RH OpenShift as of 4.0, June 2019 ▪ Intended to be Kubernetes-native runtime ▪ Fully open-source ▪ Upstream of these projects* are CNCF efforts. *Docker has non-CNCF upstream 3 2019 Storage Developer Conference. © Docker, Inc. All Rights Reserved. Components as well Container Storage Lifecycle 2019 Storage Developer Conference. © Docker, Inc. All Rights Reserved. 4 Container Storage Lifecycle (cont) ▪ Containers use storage in 3 primary contexts: ▪ Raw container image ▪ At rest, either as a file on disk or object storage ▪ At runtime ▪ One of several graph drivers ▪ These are NOT persistent ▪ Persistent storage ▪ Volumes attached to containers for persistent data ▪ Most of this talk will focus on this type of storage