Hypervisor Security and Vulnerabilities - Incident Response and Forensics in Virtualized Environments

7.1.

7.1.1.

7.1.1.1.

7.1.1.2.

7.1.2.

7.1.2.1.

7.1.2.2.

7.1.3.

7.1.3.1.

7.1.3.2.

7.2.

7.2.1.

7.2.1.1.

7.2.1.2.

7.2.2.

7.2.2.1.

7.2.2.2.

7.2.3.

7.2.3.1.

7.2.3.2.

7.3.

7.3.1.

7.3.1.1.

7.3.1.2.

7.3.2.

7.3.2.1.

7.3.2.2.

7.3.3.

7.3.3.1.

7.3.3.2.

7.4.

7.4.1.

7.4.1.1.

7.4.1.2.

7.4.2.

7.4.2.1.

7.4.2.2.

7.4.3.

7.4.3.1.

7.4.3.2.

7.4.4.

7.4.4.1.

7.4.4.2.

6. Advanced Hypervisor Security Architectures

Go to top

Back to Start

1. Introduction to Virtualization and Hypervisor Technology

Incident Response and Forensics in Virtualized Environments

Challenges in Virtualized Incident Response

Volatility of Virtual Machine State

Abstraction from Physical Hardware

Log Correlation Complexity

Detection and Analysis

Identifying Anomalous Hypervisor Behavior

Detecting VM Escape and Inter-VM Attacks

Forensic Analysis of VM Snapshots

Data Acquisition

Acquiring VM Memory Dumps

Capturing Virtual Disk Images

Preserving Hypervisor Logs and State

Containment and Eradication

Isolating Compromised VMs

Live Migration of Unaffected VMs

Reverting to Secure Snapshots

Rebuilding the Host and Hypervisor