{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,3]],"date-time":"2025-09-03T10:04:23Z","timestamp":1756893863208,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T00:00:00Z","timestamp":1722297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,30]]},"DOI":"10.1145\/3664476.3670895","type":"proceedings-article","created":{"date-parts":[[2024,7,25]],"date-time":"2024-07-25T12:35:50Z","timestamp":1721910950000},"page":"1-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Don't, Stop, Drop, Pause: Forensics of CONtainer CheckPOINTs (ConPoint)"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7407-2304","authenticated-orcid":false,"given":"Taha","family":"Gharaibeh","sequence":"first","affiliation":[{"name":"BiTLab, Louisiana State University, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4358-946X","authenticated-orcid":false,"given":"Steven","family":"Seiden","sequence":"additional","affiliation":[{"name":"Louisiana State University, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6121-7780","authenticated-orcid":false,"given":"Mohamed","family":"Abouelsaoud","sequence":"additional","affiliation":[{"name":"Cisco Systems, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8040-4635","authenticated-orcid":false,"given":"Elias","family":"Bou-Harb","sequence":"additional","affiliation":[{"name":"Louisiana State University, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9574-9537","authenticated-orcid":false,"given":"Ibrahim","family":"Baggili","sequence":"additional","affiliation":[{"name":"Louisiana State University, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,7,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/MobileCloud48802.2020.00016"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2015.49"},{"key":"e_1_3_2_1_3_1","unstructured":"Arch Linux. 2023. Overlay Filesystem. https:\/\/wiki.archlinux.org\/title\/Overlay_filesystem Accessed: 2024-01-06."},{"key":"e_1_3_2_1_4_1","unstructured":"Fredrik Bj\u00f6rklund. 2021. A comparison between native and secure runtimes: Using Podman to compare crun and Kata Containers."},{"key":"e_1_3_2_1_5_1","volume-title":"Memory forensics: The path forward. Digital investigation 20","author":"Case Andrew","year":"2017","unstructured":"Andrew Case and Golden\u00a0G Richard\u00a0III. 2017. Memory forensics: The path forward. Digital investigation 20 (2017), 23\u201333."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.04.007"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2022.103494"},{"key":"e_1_3_2_1_8_1","volume-title":"Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy. Digital investigation 18","author":"Conlan Kevin","year":"2016","unstructured":"Kevin Conlan, Ibrahim Baggili, and Frank Breitinger. 2016. Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy. Digital investigation 18 (2016), S66\u2013S75."},{"key":"e_1_3_2_1_9_1","unstructured":"Inc. Datadog. 2018. Docker Adoption. https:\/\/www.datadoghq.com\/docker-adoption\/"},{"key":"e_1_3_2_1_10_1","unstructured":"Pontus Davidsson and Niklas Englund. 2020. Docker forensics: Investigation and data recovery on containers."},{"key":"e_1_3_2_1_11_1","volume-title":"Incident Analysis and Forensics in Docker Environments. ERNW White Paper 64, 02","author":"Dewald Andreas","year":"2018","unstructured":"Andreas Dewald, Matthias Luft, and Julian Suleder. 2018. Incident Analysis and Forensics in Docker Environments. ERNW White Paper 64, 02 (2018)."},{"key":"e_1_3_2_1_12_1","unstructured":"Docker. 2013. Use the OverlayFS storage driver. https:\/\/docs.docker.com\/storage\/storagedriver\/overlayfs-driver Accessed: 2024-01-06."},{"key":"e_1_3_2_1_13_1","volume-title":"Microservices: yesterday, today, and tomorrow. Present and ulterior software engineering","author":"Dragoni Nicola","year":"2017","unstructured":"Nicola Dragoni, Saverio Giallorenzo, Alberto\u00a0Lluch Lafuente, Manuel Mazzara, Fabrizio Montesi, Ruslan Mustafin, and Larisa Safina. 2017. Microservices: yesterday, today, and tomorrow. Present and ulterior software engineering (2017), 195\u2013216."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.2991\/icmemtc-16.2016.313"},{"key":"e_1_3_2_1_15_1","volume-title":"Black Hat USA","author":"Dulce Sagie","year":"2017","unstructured":"Sagie Dulce. 2017. Black Hat USA 2017. https:\/\/www.blackhat.com\/us-17\/speakers\/Sagie-Dulce.html"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301272"},{"key":"e_1_3_2_1_17_1","first-page":"960","article-title":"Digital forensics compute cluster: A high speed distributed computing capability for digital forensics","volume":"11","author":"Gonzales Daniel","year":"2017","unstructured":"Daniel Gonzales, Zev Winkelman, Trung Tran, Ricardo Sanchez, Dulani Woods, and John Hollywood. 2017. Digital forensics compute cluster: A high speed distributed computing capability for digital forensics. International Journal of Computer and Information Engineering 11, 8 (2017), 960\u2013967.","journal-title":"International Journal of Computer and Information Engineering"},{"key":"e_1_3_2_1_18_1","volume-title":"Towards Digital Forensics Investigation of WordPress Applications Running Over Kubernetes. IETE Journal of Research","author":"Hyder Muhammad\u00a0Faraz","year":"2023","unstructured":"Muhammad\u00a0Faraz Hyder, Syeda\u00a0Hafsa Ahmed, Mustafa Latif, Kehkashan Aslam, Ata\u00a0U Rab, and Mussab\u00a0T Siddiqui. 2023. Towards Digital Forensics Investigation of WordPress Applications Running Over Kubernetes. IETE Journal of Research (2023), 1\u201316."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9071172"},{"key":"e_1_3_2_1_20_1","volume-title":"Analysis of SQL injection attacks in the cloud and in WEB applications. Security and Privacy","author":"Kumar Animesh","year":"2024","unstructured":"Animesh Kumar, Sandip Dutta, and Prashant Pranav. 2024. Analysis of SQL injection attacks in the cloud and in WEB applications. Security and Privacy (2024), e370."},{"key":"e_1_3_2_1_21_1","volume-title":"Evaluation of File Carving Tools for Forensic Investigation in Docker Containers. In 2022 IEEE 6th Conference on Information and Communication Technology (CICT). IEEE, 1\u20136.","author":"Kumar Nitish","year":"2022","unstructured":"Nitish Kumar and K Haribabu. 2022. Evaluation of File Carving Tools for Forensic Investigation in Docker Containers. In 2022 IEEE 6th Conference on Information and Communication Technology (CICT). IEEE, 1\u20136."},{"volume-title":"Efficient Fingerprint Matching for Forensic Event Reconstruction","author":"Latzo Tobias","key":"e_1_3_2_1_22_1","unstructured":"Tobias Latzo. 2021. Efficient Fingerprint Matching for Forensic Event Reconstruction. In Digital Forensics and Cyber Crime, Sanjay Goel, Pavel Gladyshev, Daryl Johnson, Makan Pourzandi, and Suryadipta Majumdar (Eds.). Springer International Publishing, Cham, 98\u2013120."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2015.79"},{"volume-title":"The art of memory forensics: detecting malware and threats in windows, linux, and Mac memory","author":"Ligh Michael\u00a0Hale","key":"e_1_3_2_1_24_1","unstructured":"Michael\u00a0Hale Ligh, Andrew Case, Jamie Levy, and Aaron Walters. 2014. The art of memory forensics: detecting malware and threats in windows, linux, and Mac memory. John Wiley & Sons."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2022.301404"},{"key":"e_1_3_2_1_26_1","volume-title":"Kubernetes in the wild report","author":"Mayr Alois","year":"2023","unstructured":"Alois Mayr and Peter Putz. 2023. Kubernetes in the wild report 2023. https:\/\/www.dynatrace.com\/news\/blog\/kubernetes-in-the-wild-2023\/"},{"volume-title":"Computing, Communication, Control and Compressed Sensing (iMac4s)","author":"Meera V","key":"e_1_3_2_1_27_1","unstructured":"V Meera, Meera\u00a0Mary Isaac, and C Balan. 2013. Forensic acquisition and analysis of VMware virtual machine artifacts. In 2013 International Mutli-Conference on Automation, Computing, Communication, Control and Compressed Sensing (iMac4s). IEEE, 255\u2013259."},{"key":"e_1_3_2_1_28_1","first-page":"1","article-title":"CONTAIN4n6: a systematic evaluation of container artifacts","volume":"11","author":"Mishra K","year":"2022","unstructured":"Anand\u00a0K Mishra, Emmanuel\u00a0S Pilli, and Mahesh\u00a0C Govil. 2022. CONTAIN4n6: a systematic evaluation of container artifacts. Journal of Cloud Computing 11, 1 (2022), 1\u201314.","journal-title":"Journal of Cloud Computing"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2017.91"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.3390\/jcp2030028"},{"key":"e_1_3_2_1_31_1","unstructured":"OpenVZ. 2015. Comparison to other CR Projects. https:\/\/criu.org\/Comparison_to_other_CR_projects"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2017.2702586"},{"volume-title":"Union Mounts in 4.4BSD-Lite(TCON\u201995)","author":"Pendry Jan-Simon","key":"e_1_3_2_1_33_1","unstructured":"Jan-Simon Pendry and Marshall\u00a0Kirk McKusick. 1995. Union Mounts in 4.4BSD-Lite(TCON\u201995). USENIX Association, USA, 3."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCCC49216.2019.8966423"},{"key":"e_1_3_2_1_35_1","unstructured":"RedHat. 2019. Rootless containers with Podman and fuse-overlayfs. https:\/\/indico.cern.ch\/event\/757415\/contributions\/3421994\/attachments\/1855302\/3047064\/Podman_Rootless_Containers.pdf"},{"key":"e_1_3_2_1_36_1","article-title":"Forensic analysis of Docker Swarm cluster using GRR Rapid Response framework","volume":"10","author":"Riadi Imam","year":"2019","unstructured":"Imam Riadi, Andi Sugandi, 2019. Forensic analysis of Docker Swarm cluster using GRR Rapid Response framework. International Journal of Advanced Computer Science and Applications 10, 2 (2019).","journal-title":"International Journal of Advanced Computer Science and Applications"},{"key":"e_1_3_2_1_37_1","unstructured":"Jorge Salamero. 2019. Kubernetes runtime security with falco and sysdig."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Jordan Shropshire and Ryan Benton. 2020. Container and VM visualization for rapid forensic analysis. (2020).","DOI":"10.24251\/HICSS.2020.783"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.3390\/su14116538"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Murugiah Souppaya John Morello and Karen Scarfone. 2017. Application container security guide. Technical Report. National Institute of Standards and Technology.","DOI":"10.6028\/NIST.SP.800-190"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3340505"},{"key":"e_1_3_2_1_42_1","volume-title":"Wiretapping Pods and Nodes-Lawful Interception in Kubernetes. Electronic Communications of the EASST 80","author":"Spiekermann Daniel","year":"2021","unstructured":"Daniel Spiekermann and J\u00f6rg Keller. 2021. Wiretapping Pods and Nodes-Lawful Interception in Kubernetes. Electronic Communications of the EASST 80 (2021)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.06.008"},{"key":"e_1_3_2_1_44_1","volume-title":"Container security: Issues, challenges, and the road ahead","author":"Sultan Sari","year":"2019","unstructured":"Sari Sultan, Imtiaz Ahmad, and Tassos Dimitriou. 2019. Container security: Issues, challenges, and the road ahead. IEEE access 7 (2019), 52976\u201352996."},{"key":"e_1_3_2_1_45_1","volume-title":"2017 USENIX Annual Technical Conference (USENIX ATC 17)","author":"Tak Byungchul","year":"2017","unstructured":"Byungchul Tak, Canturk Isci, Sastry Duri, Nilton Bila, Shripad Nadgowda, and James Doran. 2017. Understanding security implications of using containers in the cloud. In 2017 USENIX Annual Technical Conference (USENIX ATC 17). 313\u2013319."},{"key":"e_1_3_2_1_46_1","volume-title":"Live memory forensics of mobile phones. digital investigation 7","author":"Thing LL","year":"2010","unstructured":"Vrizlynn\u00a0LL Thing, Kian-Yong Ng, and Ee-Chien Chang. 2010. Live memory forensics of mobile phones. digital investigation 7 (2010), S74\u2013S82."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2020.301002"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/DESEC.2017.8073871"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103490"},{"key":"e_1_3_2_1_50_1","unstructured":"[50] Virtuozzo. 2012. https:\/\/criu.org\/Main_Page"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.04.005"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2022.301400"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"Thomas Watts Ryan Benton Jordan Shropshire and David Bourrie. 2021. Insight from a Containerized Kubernetes Workload Introspection. (2021).","DOI":"10.24251\/HICSS.2021.836"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2019.863"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.11591\/eei.v10i2.2742"},{"key":"e_1_3_2_1_56_1","volume-title":"Threat modeling and security analysis of containers: A survey. arXiv preprint arXiv:2111.11475","author":"Wong Ann\u00a0Yi","year":"2021","unstructured":"Ann\u00a0Yi Wong, Eyasu\u00a0Getahun Chekole, Mart\u00edn Ochoa, and Jianying Zhou. 2021. Threat modeling and security analysis of containers: A survey. arXiv preprint arXiv:2111.11475 (2021)."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3199478.3199506"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3014381"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/eScience.2019.00040"},{"volume-title":"Security, Privacy, and Anonymity in Computation, Communication, and Storage, Guojun Wang, Jinjun Chen, and Laurence\u00a0T","author":"Zhang Shuo","key":"e_1_3_2_1_60_1","unstructured":"Shuo Zhang, Ningjiang Chen, Hanlin Zhang, Yijun Xue, and Ruwei Huang. 2018. A High-Performance Adaptive Strategy of Container Checkpoint Based on Pre-replication. In Security, Privacy, and Anonymity in Computation, Communication, and Storage, Guojun Wang, Jinjun Chen, and Laurence\u00a0T. Yang (Eds.). Springer International Publishing, Cham, 240\u2013250."}],"event":{"name":"ARES 2024: The 19th International Conference on Availability, Reliability and Security","acronym":"ARES 2024","location":"Vienna Austria"},"container-title":["Proceedings of the 19th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670895","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664476.3670895","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:54:53Z","timestamp":1755881693000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670895"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,30]]},"references-count":60,"alternative-id":["10.1145\/3664476.3670895","10.1145\/3664476"],"URL":"https:\/\/doi.org\/10.1145\/3664476.3670895","relation":{},"subject":[],"published":{"date-parts":[[2024,7,30]]},"assertion":[{"value":"2024-07-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}