| Abstract: A system, method, and device for cloud forensics and incident response is
provided. In an embodiment, a computer-implemented method for performing
cloud forensics and incident response includes intercepting, by a cloud
incident response module (CIRM), communication between a virtual machine
(VM) and a hypervisor. The method also includes extracting, by the CIRM,
data from the communication between the VM and the hypervisor according
to a forensic policy. Intercepting and extracting the data are
transparent to the VM and to the hypervisor. Intercepting and extracting
the data are independent of the VM and the hypervisor. |
| Filed: 7/31/2018 |
| Application Number: 16/51005 |
| This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
| Attribution for Derwent World Patents Index Records published on Sandia ® Clarivate. All rights reserved. Republication or redistribution of Clarivate content, including by framing or similar means, is prohibited without the prior written consent of Clarivate. Clarivate and its logo, as well as all other trademarks used herein are trademarks of their respective owners and used under license. |