
Hypervisor-hosted virtual machine forensics

A technology for managing programs and virtual machines, which is applied in multi-programming devices, program control design, electrical digital data processing, etc.

Active Publication Date: 2020-08-04
MICROSOFT TECH LICENSING LLC

AI Technical Summary

Problems solved by technology

However, loading the proxy on each host does not scale well.
[0005] Additionally, forensic acquisition and analysis of stored data does not provide the real-time memory or current state of running virtual machines.


Embodiment Construction

[0013] The detailed description provided below in connection with the accompanying drawings is intended as a description of the examples and is not intended to represent the only forms in which the examples may be constructed or utilized. The description sets forth the functionality of the example and the sequence of steps used to build and operate the example. However, the same or equivalent functions and sequences can be achieved by different examples.

[0014] References to "one embodiment," "an embodiment," "an example embodiment," "an implementation," "an implementation," "an example," "an example," etc. indicate that the described embodiment, implementation, or example may include a particular feature, structure, or characteristic, but each embodiment, implementation, or example does not necessarily include that particular feature, structure, or characteristic. Furthermore, such phrases are not necessarily referring to the same embodiment, implementation, or example. Furth...


Abstract

A computer system obtains forensic data from running virtual machines in a hypervisor-hosted virtualization environment. The computer system presents a forensic partition as an additional root virtual machine partition or child virtual machine partition. The forensic partition includes a forensic service API configured to target one or more virtual machines and obtain forensic data from the targeted virtual machines running in a particular child virtual machine partition. The forensic service API is configured to communicate via one or more inter-partition communication mechanisms (e.g., an inter-partition communication bus, a hypercall interface, or a forensic switch) implemented by the hypervisor-hosted virtualization environment. The forensic service API may be exposed to forensic tools as part of a cloud-based forensic service.

Description

Background

[0001] As data center solutions become the primary VM-based incident responders in traditional enterprises, information technology environments, as well as cloud service provider environments, will face enormous challenges in conducting large-scale forensic acquisition and analysis.

[0002] Traditional forensic tools work at the host level, typically in user mode, obtaining artifacts from file systems and memory via user-mode techniques and application programming interfaces (APIs), or in some cases obtaining artifacts from kernel-mode drivers or libraries (shims). These traditional solutions cannot scale in large data center environments and can be threatened and hindered by more sophisticated malware using anti-forensics features and techniques.

[0003] When performing security investigations and forensic analysis in a small business environment, tools for forensic acquisition and analysis can be used to perform analysis on a host-by-host basis. Performing ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F9/50
CPC: G06F9/5077, Y02D10/00, G06F9/45558, G06F2009/45595
Inventor J·科克伦
Owner MICROSOFT TECH LICENSING LLC