SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 30 October 2025
⏱️ 6 minutes
🧾️ Download transcript
Summary
How to Collect Memory-Only Filesystems on Linux Systems
Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work.
https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432
Microsoft Azure Front Door Outage
Today, Microsoft s Azure Front Door service failed, leading to users not being able to authenticate to various Azure-related services.
https://azure.status.microsoft/en-us/status
Docker-Compose Vulnerability
A vulnerability in docker-compose may be used to trick users into creating files outside the docker-compose directory
https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Thursday, October 30th, 2025 edition of the Sands Internet Storm Center's Stormcast. |
| 0:12.9 | My name is Johannes Ulrich, recording today from Jacksonville, Florida. |
| 0:17.6 | And this episode is brought you by the sands.edu graduate certificate program in |
| 0:22.7 | cybersecurity engineering. In diaries today, we have Jim talk about memory-only file systems on Linux. |
| 0:31.8 | Sometimes colloquially called RAM disks. Of course, they exist on other operating systems as well. |
| 0:37.8 | The tricky thing about these memory-only file systems on Linux is that there is no |
| 0:42.7 | block device associated with those file systems. |
| 0:47.5 | Often, DeafSHM is a typical location. |
| 0:51.8 | Sometimes they have also temporary files systems, even slash temp, |
| 0:54.7 | sometimes being mounted |
| 0:56.6 | as a memory-only file system. |
| 0:59.3 | The problem now is that DD, |
| 1:02.1 | your standard tool that you're using |
| 1:03.5 | to make sort of no forensically sound copies |
| 1:05.9 | of data and similar tools |
| 1:08.2 | don't work on these memory-only file systems. |
| 1:12.4 | So Jim is going over a little shell script that he's using |
| 1:16.7 | in order to deal with those file systems. |
| 1:19.6 | Yes, it's not ideal in the sense that it doesn't sort of create a bit by bit copy of the file system, |
| 1:28.2 | but instead what Jim is suggesting here is to basically just first use the shell stat command |
| 1:35.8 | in order to collect basic statistics about the files, |
| 1:39.4 | and then copy individual files. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.