Hypervisor-hosted virtual machine forensics
US9851998B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 22, 2015 |
| Grant date | Dec 26, 2017 |
| Priority date | — |
| Expiry date | Aug 5, 2035 |
Classification
- Technology area (CPC Y)Emerging Cross-Sectional Technologies
- CPC primaryY02D10/00
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A computer system acquires forensics data from running virtual machines in a hypervisor-hosted virtualization environment. The computer system provides a forensics partition as an additional root virtual machine partition or child virtual machine partition. The forensics partition includes a forensics service application programming interface configured to target one or more virtual machines and acquire forensics data from a targeted virtual machine running in a particular child virtual machine partition. The forensics service application programming interface is configured to communicate via one or more inter-partition communication mechanisms such as an inter-partition communication bus, a hyercall interface, or forensics switch implemented by the hypervisor-hosted virtualization environment. The forensics service application programming interface can be exposed to a forensics tool as part of a cloud-based forensics service.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.