Explore the aftermath of a Docker app hack in this BSidesRDU 2018 conference talk. Dive into the anatomy of Docker containers, learn live and cold capture techniques, and understand image listing and metadata analysis. Examine container metadata, disk content, and anticipated layers. Investigate storage backends like Overlay2 and DeviceMapper, discovering how to find container storage and access individual layers. Follow along with practical examples, including mounting layers and conducting further analysis. Gain valuable insights into post-hack forensics and containment strategies for Docker environments.