Containers and Kubernetes have revolutionized how we deploy software—but they’ve also changed how we investigate breaches. When attackers compromise ephemeral pods or exploit misconfigured workloads, the evidence often disappears in minutes. This session takes the audience inside a real-world container compromise—from initial intrusion through lateral movement to post-incident recovery.
Attendees will leave with a practical framework for container forensics—what data to preserve, how to automate evidence collection, and how to build incident response readiness into CI/CD pipelines. Whether you’re a security engineer, SRE, or DevOps practitioner, you’ll gain actionable techniques for investigating and learning from breaches in dynamic, containerized environments