Cloud investigation
Kubernetes Forensics Primer
Kubernetes environments change quickly. This primer orients investigators and platform engineers to shared signals, safe collection order, and documentation that respects CI/CD realities. Labs emphasize collaboration rather than heroics.
- Duration: 3 days, hybrid
- Format: Hybrid cohort
- Program fee (informational): ₩1,560,000
- Start window: 2026-11-11
Outcomes
- Shared signal map between platform and security
- Less thrash during investigations that overlap releases
- Clearer internal postmortems with evidence pointers
| Capability | What you practice |
|---|---|
| Module 1 | Workload identity tracing exercises |
| Module 2 | Ephemeral volume considerations without vendor lock-in |
| Module 3 | Audit configuration sanity checks |
| Module 4 | Incident records packaging for platform retrospectives |
| Module 5 | Pair exercises between SRE and security analysts |
| Module 6 | Quality standards language for change windows |
| Module 7 | Reference reading list maintained post-class |
Lead facilitator
Sora Kim
Incident response coach for cloud-native teams.
FAQ
Labs target stable upstream patterns. Minor version differences are discussed in office hours.
We provide shared lab clusters. Some teams optionally connect read-only to a staging cluster under contract.
Service mesh internals are mentioned but not exhaustively covered.
Participant notes
“The workload identity drills mapped cleanly to how our platform team already thinks. Good bridge for security folks newer to kube.”
“We kept the audit sanity checklist posted next to our on-call runbook.”