This gist evalutes how one can setup and use the new tool container-explorer to perform post mortem forensics using an image of a host that contained a containerd installation.

The following steps are performed on a Windows WLS2 shell running an Ubuntu image. Therefore the steps should also work for native ubuntu.

First, check the file system of your exported image. This can be anything from VirtualBox disk to whatever someone throw at your desk. I am using a raw disk export from VirtualBox. This image is the export of a worker node from a kubernetes cluster. Disclaimer: This is all test data! If you want to know how to setup a Kubernetes cluster in VirtualBox, see here.

This quick gist aims to guide through the installation of an analyzation environment which i used for my master thesis. It documents walkthroughs for both Windows and Ubuntu (20.04 LTS (focal))

The goal is to have a machine where i can deploy VMs via vagrant, provision them with ansible and to funny stuff do them with PowerShell.

For the future it is planned to create a repo out of this containing automation scripts as well as terraform and ansible scripts.

NOTES: For the Ubuntu guide use either a bare metal machine, or a cloud provider VM from which you know that para-virtualizarion is supported. I've used DigitalOcean, 'cause no AWS image (AMI) provided that functionality. See the ubuntu virtualbox section for more information.

This small guide aims to help all fellow windows users out there, who use VirtualBox on the windows-host-os but want to work with vagrant+ansible smoothly. This goal can be achived by leveraging the sharing-functionalities between the WSL2 and the windows host os.

In general, you have to perform the following steps which will be explained in detail down below:

1. Setup and configure WSL2 on your Windows System
2. Install a WSL2 distribution (I've used ubuntu)
3. Install vagrant within the WSL2 distro (see Basics)