Docker Logs
Overview
Evidence: Docker Logs
Description: Collect Docker Logs on Filesystem
Category: Applications
Platform: aix
Short Name: dckl
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): Yes
Background
Docker Desktop for Mac writes logs for both its components, the Linux VM that runs containers and the host-side Docker Desktop application, under each user's Library/Containers directory. These logs record Docker daemon activity, container lifecycle operations (create, start, stop, remove), networking events, and the daemon's interactions with the host.
Data Collected
This collector acquires the Docker Desktop log files themselves from each user's Library/Containers directory. The files are collected as-is and are not parsed by the collector (Is Parsed: No), so any interpretation of their contents happens during analysis.
Collection Method
This collector enumerates every user's Library/Containers directory and copies the Docker Desktop log files found there, covering both the VM logs (from the Linux VM that runs the containers) and the host logs (from the Docker Desktop application on macOS). Because the location is per user, the collector must walk every home directory on the host rather than a single system-wide path.
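The walk described above, written out as a standalone POSIX shell script. This is an added example, not the collector's own implementation. It assumes the Docker Desktop for Mac log root is `<home>/Library/Containers/com.docker.docker/Data/log` with `host/` and `vm/` subdirectories (a path assumption, not taken from this page), copies each file with timestamps preserved, and records a SHA-256 per file in a manifest so the acquisition can be verified later. The `make_sample_tree` helper builds a constructed, fake log tree so the script can be exercised offline.

```shell
#!/bin/sh
# Added example (not the collector's code): acquire Docker Desktop for Mac
# log files for every user home under a root, preserving relative paths and
# recording SHA-256 hashes in a manifest.
# Assumption: logs live under
#   <home>/Library/Containers/com.docker.docker/Data/log/{host,vm}
set -u

# Portable SHA-256: Linux ships sha256sum, macOS ships shasum.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# collect_docker_logs <home_root> <dest_dir>
# Walks each home directory under <home_root> (e.g. /Users), copies host/
# and vm/ logs into <dest_dir>/<user>/<host|vm>/..., and appends
# "<sha256>  <user>  <relative path>" to <dest_dir>/manifest.txt.
# Prints the number of files collected.
collect_docker_logs() {
    home_root="$1"
    dest="$2"
    mkdir -p "$dest"
    : > "$dest/manifest.txt"
    for home in "$home_root"/*/; do
        home=${home%/}                      # strip trailing slash from glob
        [ -d "$home" ] || continue
        user=$(basename "$home")
        logroot="$home/Library/Containers/com.docker.docker/Data/log"
        [ -d "$logroot" ] || continue       # user never ran Docker Desktop
        for sub in host vm; do
            [ -d "$logroot/$sub" ] || continue
            find "$logroot/$sub" -type f -print | while IFS= read -r f; do
                rel=${f#"$logroot/"}        # e.g. vm/dockerd.log
                mkdir -p "$dest/$user/$(dirname "$rel")"
                cp -p "$f" "$dest/$user/$rel"   # -p keeps mtime for timelining
                printf '%s  %s  %s\n' "$(hash_file "$f")" "$user" "$rel" \
                    >> "$dest/manifest.txt"
            done
        done
    done
    wc -l < "$dest/manifest.txt" | tr -d ' '
}

# make_sample_tree <root>
# Builds a constructed (fake) home tree for offline testing: "alice" has
# one host log and one VM log, "bob" never ran Docker Desktop.
make_sample_tree() {
    root="$1"
    logs="$root/alice/Library/Containers/com.docker.docker/Data/log"
    mkdir -p "$logs/host" "$logs/vm" "$root/bob"
    printf 'constructed sample: backend started\n' > "$logs/host/com.docker.backend.log"
    printf 'constructed sample: dockerd started\n' > "$logs/vm/dockerd.log"
}

# Usage on a live host (run as root so every home is readable):
#   collect_docker_logs /Users /evidence/docker-logs
```

Run it against `/Users` as root so every home directory is readable; the manifest gives you a hash per file at acquisition time, which is what you compare against when the copied logs are later handed to analysis.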
Forensic Value
Docker logs help reconstruct what ran inside containers on the host: which images were pulled and which containers were created, started and removed, and when; suspicious container deployments; privilege escalation attempts such as containers started with elevated privileges or host mounts; and container network communications. Together these support investigations of container-based attacks and data exfiltration through containers. Because the logs are per user, they also attribute Docker activity to a specific macOS account.