In this presentation we take under consideration the increased use of Docker in corporate environments. It is a fact that Docker has found wide spread of use during the past years, mostly because of it being very easy to use , economic w.r.t resources used, fast and easy to deploy when compared with a full blown virtual machine. More and more servers are being operated as Docker hosts on which micro-services run in containers. From a security point of view, two aspects of it arise in the context of this talk and the inherent time-limitations it has. Firstly, the aspect of the already quite talked-through question, “is it secure ?”.Secondly the less analyzed aspect of incident analysis and the changes introduced with respect to known methods and evidence.In this presentation we will briefly outline some security considerations about Docker and the average user and then we will try to examine how Docker introduces changes to the workflow related to incident analysis and forensics in its environment.