A security analyst is investigating a containerized application running on a Docker host. The analyst needs to collect forensic evidence from a stopped container without starting it. Which of the following Docker commands should be used to export the container's filesystem as a tar archive?
docker export exports a container's filesystem to a tar archive.
Why this answer
docker export exports the container's filesystem as a tar archive. It works on stopped or running containers and does not require the container to be started.