While Linux has become even more prominent in computing over the last decade via the cloud and containerized apps, relatively little has changed with regard to forensic investigations of these systems. This blog post introduces a new type of Linux telemetry by repurposing a kernel feature designed to limit system resources into an effective form of process enrichment.
What is a cgroup?
Since Lin...
Upon closer examination, the article showcases the dual nature of cgroups: while they are essential for effective resource management and containerization in Linux systems, their extensive control over system resources can also be exploited by malicious actors. The authors highlight this tension by presenting case studies demonstrating both legitimate uses (e.g., resource allocation and containerization) and potential misuses (e.g., resource exhaustion attacks or obfuscation of malicious a...
