Patent · US Active

Behavior-based VM resource capture for forensics

US12182604B2 · kind B2 · utility

0 Cited by
9 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Oct 21, 2022
Grant date: Dec 31, 2024
Priority date
Expiry date: Oct 21, 2042

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2201/84
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.