
Docker Explorer
#Incident Management#Digital Forensics
Collects and organizes Linux OS data for detailed analysis and incident response.
This project assists forensic analysts in exploring offline Docker filesystems.
This project assists a forensics analyst in examining offline Docker filesystems. When investigating a system in which a Docker container has been compromised, it is useful to see the filesystem as the processes inside the container saw it, rather than as it is scattered across the host. Docker stores container filesystems through a layered storage driver such as AuFS or OverlayFS (overlay2): each image layer and the container's own writable layer live in separate directories on the host (by default under /var/lib/docker), and the merged view normally exists only while the container is running. Docker also keeps a set of JSON metadata files that tie container IDs, names, images and layers together, which is what the tool uses to identify and reassemble the various components offline.
Installation Methods: PPA, PyPI, and Repository Cloning
Docker Explorer can be installed from the project's PPA, from PyPI, or by cloning the repository. The typical workflow is: point the tool at the offline copy of the Docker directory, list the containers to locate the relevant container ID, mount that container's filesystem (read-only) at /mnt/container, and then examine the mounted tree with ordinary tools such as ls or feed it to log2timeline.py to build a timeline.
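The following added example (not docker-explorer's own code) shows concretely what the layered layout described above looks like on disk and what it takes to reassemble a container's view read-only, which is the operation behind the "locate the container ID, mount it at /mnt/container" workflow. It builds a constructed overlay2 Docker root, lists containers from their config.v2.json files, resolves one container's layers through the layerdb mount-id and the overlay2/l short links, and emits the `mount -t overlay` command an analyst would run. The container ID, mount ID, layer names and image in the sample are invented; the file layout follows Docker's overlay2 driver.

```python
"""Resolve an offline Docker overlay2 container into a read-only mount command.

Added example, not docker-explorer's own code. It reads the on-disk artefacts
Docker keeps under its root directory (normally /var/lib/docker):

  containers/<id>/config.v2.json                 container name, image, driver, state
  image/overlay2/layerdb/mounts/<id>/mount-id    overlay2 directory for that container
  overlay2/<mount-id>/diff                       the container's own writable layer
  overlay2/<mount-id>/lower                      "l/AAA:l/BBB", top-most lower layer first
  overlay2/l/<short> -> ../<layer>/diff          short symlinks Docker uses in mount options

The sample tree built by build_sample_docker_root() is constructed for this
example; every ID, layer name and image in it is invented.
"""
import json
import os
import sys
import tempfile

# Hypothetical identifiers for the constructed sample (64 hex chars, like real IDs).
SAMPLE_CONTAINER_ID = "3f9c2a1b5e7d4c6f8a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f"
SAMPLE_MOUNT_ID = "4d8e1f2a3b4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6"
SAMPLE_LOWER_LAYERS = ["aaaa1111" * 8, "bbbb2222" * 8]        # image layers, top first
SAMPLE_SHORT_NAMES = ["ABCDEFGHIJKLMNOPQRSTUVWXYZ", "ZYXWVUTSRQPONMLKJIHGFEDCBA"]


def build_sample_docker_root():
    """Create a minimal constructed Docker root with one overlay2 container; returns its path."""
    root = tempfile.mkdtemp(prefix="docker-root-")
    cid = SAMPLE_CONTAINER_ID
    # Per-container metadata: this is where a name is tied to an ID and a driver.
    cdir = os.path.join(root, "containers", cid)
    os.makedirs(cdir)
    config = {
        "ID": cid, "Name": "/web", "Driver": "overlay2",
        "Image": "sha256:" + "a1" * 32,
        "Config": {"Image": "nginx:1.25", "Cmd": ["nginx", "-g", "daemon off;"]},
        "State": {"Running": False},
    }
    with open(os.path.join(cdir, "config.v2.json"), "w") as f:
        json.dump(config, f)
    # layerdb maps the container ID to its overlay2 directory name.
    mdir = os.path.join(root, "image", "overlay2", "layerdb", "mounts", cid)
    os.makedirs(mdir)
    with open(os.path.join(mdir, "mount-id"), "w") as f:
        f.write(SAMPLE_MOUNT_ID)
    # Image layers plus the short symlinks that the "lower" file refers to.
    ldir = os.path.join(root, "overlay2", "l")
    os.makedirs(ldir)
    for layer, short in zip(SAMPLE_LOWER_LAYERS, SAMPLE_SHORT_NAMES):
        os.makedirs(os.path.join(root, "overlay2", layer, "diff"))
        os.symlink(os.path.join("..", layer, "diff"), os.path.join(ldir, short))
    os.makedirs(os.path.join(root, "overlay2", SAMPLE_MOUNT_ID, "diff"))
    with open(os.path.join(root, "overlay2", SAMPLE_MOUNT_ID, "lower"), "w") as f:
        f.write(":".join("l/" + s for s in SAMPLE_SHORT_NAMES))
    return root


def list_containers(root):
    """Return one dict per container found under <root>/containers (sorted by ID)."""
    out = []
    cdir = os.path.join(root, "containers")
    if not os.path.isdir(cdir):
        return out
    for cid in sorted(os.listdir(cdir)):
        path = os.path.join(cdir, cid, "config.v2.json")
        if not os.path.isfile(path):
            continue
        with open(path) as f:
            cfg = json.load(f)
        out.append({
            "id": cfg.get("ID", cid),
            "name": cfg.get("Name", "").lstrip("/"),
            "image": cfg.get("Config", {}).get("Image"),
            "driver": cfg.get("Driver"),
            "running": cfg.get("State", {}).get("Running", False),
        })
    return out


def overlay2_layers(root, container_id):
    """Return the directories that make up the container's view, top-most first."""
    mount_id_path = os.path.join(root, "image", "overlay2", "layerdb",
                                 "mounts", container_id, "mount-id")
    with open(mount_id_path) as f:
        mount_id = f.read().strip()
    cdir = os.path.join(root, "overlay2", mount_id)
    layers = [os.path.join(cdir, "diff")]          # the container's writable layer
    lower_path = os.path.join(cdir, "lower")
    if os.path.isfile(lower_path):                 # absent only for an image with no layers
        with open(lower_path) as f:
            for short in f.read().strip().split(":"):
                link = os.path.join(root, "overlay2", short)
                target = os.readlink(link)         # relative, e.g. ../<layer>/diff
                layers.append(os.path.normpath(os.path.join(os.path.dirname(link), target)))
    return layers


def overlay_mount_command(root, container_id, mountpoint="/mnt/container"):
    """Every layer goes into lowerdir and the mount is 'ro': with no upperdir or
    workdir, overlayfs has nowhere to write, so examining the view cannot alter evidence."""
    layers = overlay2_layers(root, container_id)
    return "mount -t overlay overlay -o ro,lowerdir={} {}".format(":".join(layers), mountpoint)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_docker_root()
    for c in list_containers(root):
        print("{}  {}  {}  running={}".format(c["id"][:12], c["name"], c["image"], c["running"]))
        if c["driver"] == "overlay2":
            print("  " + overlay_mount_command(root, c["id"]))
```

Run it with no argument to see the constructed sample, or with the path to an offline copy of a Docker directory to print the read-only mount line for each overlay2 container. The mount itself still needs root on the analysis machine, and the paths must stay as they are on the host copy, since the lowerdir list is what gives the merged view; once mounted, /mnt/container can be walked with ls or passed to log2timeline.py like any other filesystem.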