Abstract: A system, method, and device for cloud forensics and incident response are
provided. In an embodiment, a computer-implemented method for performing
cloud forensics and incident response includes intercepting, by a cloud
incident response module (CIRM), communication between a virtual machine
(VM) and a hypervisor. The method also includes extracting, by the CIRM,
data from the communication between the VM and the hypervisor according
to a forensic policy. Intercepting and extracting the data are
transparent to the VM and to the hypervisor. Intercepting and extracting
the data are independent of the VM and the hypervisor.