KVM-based Virtual Machine Introspection
Virtual Machine Introspection (VMI) for memory forensics and machine learning.
A ProcInjectionsFind Volatility plugin that runs against malware-infected memory images or the memory of live VMs and examines each memory region of all running processes to determine whether it is the result of process injection.
Detecting x86 paging structures in raw memory.
Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)
Data structure detection with neural networks.
Rust bindings to KVM's introspection libkvmi library
A simple honeypot with LibVMI and Volatility
Rust reimplementation of LibVMI
A simple Rust wrapper around LibVMI for virtual machine introspection (very incomplete)
Malware Behavior Analyzer