The Best Online Cybersecurity Training in the World - SANS OnDemand


To attend this webcast, login to your SANS Account or create your Account.

Best practices for Forensics and Incident Response in Containers

  • Tuesday, July 10th, 2018 at 1:00 PM EST (17:00:00 UTC)
  • Knox Anderson and Jake Williams
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Sysdig

You can now attend the webcast using your mobile device!


Almost 5 years, 48,000+ github stars, and tens of thousand of production deployments later we can safely say containers are a technology that is a here to stay. Theyre developer friendly, easy to operationalize, and allow organizations to provide stable and secure services to their customers.

 While there are clear best practices for what it takes to build and run containers, there isn't as much knowledge around the performing forensic analysis of incidents that occur inside your containers.

 In this webinar we'll cover:

- How containers change incident response and forensics

- Best practices around forensic data collection in container environments

- Compare opensource and commercial forensics options 

- A live demo of multiple forensics investigations using Sysdig Inspect: an opensource container forensics tool

Speaker Bios

Knox Anderson

Knox Anderson is a container aficionado, working in product marketing at Sysdig focused on security and forensic solutions for containers and microservices. Prior to joining Sysdig he first discovered containers as an easy way to demo complex products like distributed SQL databases and has been helping companies of all sizes make their experience of running containers in production easier. Knox holds a BS in Business Management Information Systems and Services from Boston University.

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.