Docker Info

Overview

Evidence: Docker Info
Description: Collect Docker Info.
Category: Applications
Platform: linux
Short Name: dockinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Docker system information provides configuration details about the Docker daemon including storage driver, kernel version, operating system, total containers/images, and resource limits. This metadata is crucial for understanding the Docker environment configuration and detecting anomalies.

Data Collected

This collector gathers structured data from the Docker daemon's system information (docker info).

Collection Method

This collector queries the Docker daemon via the Docker Engine API to retrieve system-wide information including version, storage driver, logging driver, plugins, security options, and resource constraints.

Forensic Value

System-level Docker configuration reveals potential security weaknesses such as insecure registries, disabled security features, or resource exhaustion. This data helps investigators understand the Docker deployment model and identify misconfigurations that attackers may exploit.
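As an added illustration (not the collector's own code), the sketch below reviews a Docker Engine API `/info` response for the weaknesses named above: insecure registries and missing security options. The sample response, the registry name, and the set of checks are constructed for this example; the field names (`SecurityOptions`, `RegistryConfig`, `LoggingDriver`, `Debug`) are those of the Engine API.

```python
import ipaddress

# Constructed sample: a trimmed Docker Engine API GET /info response.
SAMPLE_INFO = {
    "LoggingDriver": "none",
    "Debug": True,
    "SecurityOptions": ["name=apparmor", "name=cgroupns"],
    "RegistryConfig": {
        "InsecureRegistryCIDRs": ["127.0.0.0/8", "10.20.0.0/16"],
        "IndexConfigs": {
            "docker.io": {"Secure": True},
            "registry.example.internal:5000": {"Secure": False},
        },
    },
}

def security_option_names(info):
    """Return the names from entries such as 'name=seccomp,profile=builtin'."""
    names = set()
    for opt in info.get("SecurityOptions") or []:
        fields = dict(kv.split("=", 1) for kv in opt.split(",") if "=" in kv)
        if "name" in fields:
            names.add(fields["name"])
    return names

def review_docker_info(info):
    """Return sorted (check, detail) findings; the checks are this example's choice."""
    findings = []
    reg = info.get("RegistryConfig") or {}
    for cidr in reg.get("InsecureRegistryCIDRs") or []:
        # Loopback ranges are the daemon default; anything else was configured.
        if not ipaddress.ip_network(cidr, strict=False).is_loopback:
            findings.append(("insecure-registry-cidr", cidr))
    for name, idx in (reg.get("IndexConfigs") or {}).items():
        if not idx.get("Secure", True):
            findings.append(("insecure-registry", name))
    names = security_option_names(info)
    if "seccomp" not in names:
        findings.append(("security-option-missing", "seccomp"))
    if not names & {"apparmor", "selinux"}:
        findings.append(("security-option-missing", "apparmor/selinux"))
    if info.get("LoggingDriver") == "none":
        findings.append(("logging-disabled", "LoggingDriver=none"))
    if info.get("Debug"):
        findings.append(("debug-enabled", "Debug=true"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in review_docker_info(SAMPLE_INFO):
        print(f"{check}: {detail}")
```

A finding here is a lead for the investigator, not a verdict: a non-loopback insecure registry or a daemon without seccomp may be a deliberate deployment choice, so compare it against the host's expected baseline.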
