Docker Info
Overview
Section titled “Overview”Evidence: Docker Info
Description: Collect Docker Info
Category: Applications
Platform: windows
Short Name: dockinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”Docker system information provides configuration details about the Docker daemon including storage driver, kernel version, operating system, total containers/images, and resource limits. This metadata is crucial for understanding the Docker environment configuration and detecting anomalies.
Data Collected
Section titled “Data Collected”This collector gathers structured data about docker info.
Collection Method
Section titled “Collection Method”This collector queries the Docker daemon via Docker Engine API to retrieve system-wide information including version, storage driver, logging driver, plugins, security options, and resource constraints.
Forensic Value
Section titled “Forensic Value”System-level Docker configuration reveals potential security weaknesses such as insecure registries, disabled security features, or resource exhaustion. This data helps investigators understand the Docker deployment model and identify misconfigurations that attackers may exploit.