diff --git a/Modules/Windows/PowerShell_Docker_Containers.mkape b/Modules/Windows/PowerShell_Docker_Containers.mkape new file mode 100644 index 000000000..fc66dfbc6 --- /dev/null +++ b/Modules/Windows/PowerShell_Docker_Containers.mkape @@ -0,0 +1,16 @@ +Description: Docker Container Details +Category: LiveResponse +Author: DReneau +Version: 1.1 +Id: 87bf8201-6256-45ad-8b2b-a6034235db53 +ExportFormat: txt +Processors: + - Executable: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe + CommandLine: "$filePath = '%destinationDirectory%\\docker_container_info.txt'; $dockerOutput = (docker version | Out-String).TrimEnd() + [System.Environment]::NewLine + [System.Environment]::NewLine + (docker ps --all --format 'ID: {{.ID}} | Name: {{.Names}} | Image: {{.Image}} | Size: {{.Size}} | Status: {{.Status}} | Command: {{.Command}}' | Out-String).TrimEnd(); Set-Content -Path $filePath -Value $dockerOutput -Encoding UTF8;" + ExportFormat: txt + +# Documentation +# https://docs.docker.com/reference/cli/docker/container/ls/ +# This module combines Docker ps and Docker version commands. Output is based on installed Docker and the status. +# Example: +# .\kape.exe --msource C:\kape\path\to\acquired\Windows\System32\config --mdest C:\kape\out --module powershell_docker_containers