SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch

Oct 30, 2025
Discover the challenges of collecting memory-only filesystems on Linux and a shell-script method to tackle them. Learn about a recent Azure Front Door outage that disrupted authentication for many users. Plus, there's a critical vulnerability in docker-compose that could lead to unauthorized file creation, urging immediate patch application. Tune in for insights and updates on these vital cybersecurity topics!
INSIGHT

No Block Device Means No Bit-For-Bit Image

  • Memory-only Linux filesystems lack a block device, so standard bit-by-bit imaging tools fail to create true forensic images.
  • A file-by-file approach preserves evidence but does not produce a full bit-for-bit replica.
ADVICE

Forensic Capture Of RAM Filesystems

  • Use stat to capture metadata and copy individual files when imaging memory-only filesystems on Linux, since dd cannot access them.
  • Inspect filenames before passing them to the shell to avoid issues with unusual names.
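The file-by-file capture described above, as an added example; it is not the script discussed in the episode. The function name `collect_memfs`, the `manifest.txt` format and the `files/` layout are assumptions made here, and it expects a Linux `stat` that supports `-c` (GNU coreutils or BusyBox). It is narrowed to regular files only.

```shell
#!/bin/sh
# Added example: file-by-file capture of a memory-only filesystem.
# collect_memfs, manifest.txt and the files/ layout are hypothetical names.
# Usage: collect_memfs /dev/shm /mnt/evidence/shm   (destination is a placeholder)
collect_memfs() {
    src=${1%/}
    dest=$2
    mkdir -p -- "$dest/files" || return 1
    echo 'inode mode uid gid size atime mtime ctime sha256 path_hex' > "$dest/manifest.txt"
    # -xdev keeps find on the one filesystem being captured. Names are handed
    # to the inner shell as arguments, never spliced into command text, so
    # spaces, newlines or leading dashes cannot change what gets executed.
    find "$src" -xdev -type f -exec sh -c '
        dest=$1 src=$2
        shift 2
        for f do
            rel=${f#"$src"/}
            # Record metadata before reading the file: the copy may update atime.
            meta=$(stat -c "%i %a %u %g %s %X %Y %Z" -- "$f") || continue
            case $rel in
                */*) mkdir -p -- "$dest/files/${rel%/*}" || continue ;;
            esac
            if ! cp -p -- "$f" "$dest/files/$rel"; then
                echo "copy failed for inode ${meta%% *}" >&2
                continue
            fi
            # Hash the copy so the source is read only once.
            hash=$(sha256sum < "$dest/files/$rel" | cut -d" " -f1)
            # Hex-encode the path so control characters cannot forge manifest lines.
            path_hex=$(printf "%s" "$rel" | od -An -v -tx1 | tr -d " \n")
            printf "%s %s %s\n" "$meta" "$hash" "$path_hex" >> "$dest/manifest.txt"
        done
    ' sh "$dest" "$src" {} +
}
```

Write the destination to separate evidence storage, not to the filesystem being collected.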
INSIGHT

Outage Perception Versus Reality

  • Cloud provider failures often cascade into service access problems when centralized auth services are used.
  • Social media can amplify perceived multi-provider outages even when only one provider is affected.