CHIRP: Cloud Hypervisor-forensics and Incident Response Platform
Category: Software/Services
Developers: Sandia National Laboratories (SNL)
Co-Developers: Not Applicable
United States
Product Description: Forensic and incident response tools have not evolved to combat advancing threats to Cloud security. In response, Sandia developed CHIRP: an innovative, lightweight, agentless Virtual Machine (VM) Introspection tool that transparently interacts with VMs to extract data for indicators of compromise, evidence collection and adversarial tools, techniques and procedures.

CHIRP assumes functions of the cloud hypervisor to hide beneath the view of the VM. In this way, anything that happens on the VM is captured in real time. Accesses, resources, processes, files – all are pulled from the VM and handed to the analyst. With CHIRP, the attacker cannot erase their tracks and cannot lie about their actions.