569
edits
Changes
Jump to navigation
Jump to search
mLine 24:
Line 24: + + + + + + + + + + + + + + +
no edit summary
* Expected size: 350 hours
* Expected size: 350 hours
* Mentors: Viktória Spišaková <spisakova@ics.muni.cz>, Radostin Stoyanov <rstoyanov@fedoraproject.org>, Adrian Reber <areber@redhat.com>
* Mentors: Viktória Spišaková <spisakova@ics.muni.cz>, Radostin Stoyanov <rstoyanov@fedoraproject.org>, Adrian Reber <areber@redhat.com>
=== Forensic Checkpointing Framework for Kubernetes ===
Kubernetes provides a highly dynamic and ephemeral environment where workloads can start and disappear very quickly and are continuously being rescheduled across different nodes in the cluster.
One of the key challenges with forensic investigations in Kubernetes is capturing and preserving the evidence during security incidents. This project aims to address this problem by developing a framework for efficiently capturing and preserving the state of all running applications in a container at a specific point in time, along with the associated container configurations and metadata. These artifacts would allow investigators to accurately reconstruct the events, create a timeline, and analyze security incidents without impacting the running cluster. This is an important step towards enabling forensic readiness for Kubernetes, where cluster administrators proactively ensure the environments are prepared to collect and preserve evidence before a security incident occurs.
'''Links:'''
* [https://fosdem.org/2026/schedule/event/F9RANH-forensic-snapshots-in-kubernetes/ Investigating Security Incidents with Forensic Snapshots in Kubernetes]
* https://github.com/checkpoint-restore/checkpointctl
'''Details:'''
* Skill level: intermediate
* Language: Go
* Expected size: 350 hours
* Mentors: Lorena Goldoni <lory.goldoni@gmail.com>, Radostin Stoyanov <rstoyanov@fedoraproject.org>, Adrian Reber <areber@redhat.com>
=== Enabling Checkpoint/Restore of Rootless Containers ===
=== Enabling Checkpoint/Restore of Rootless Containers ===