Virtual Machine Introspection (VMI) for memory forensics and machine learning.
The SmartVMI project is split into a core component which manages access to the virtual machine and provides a high-level abstraction layer for ease of plugin implementation. See the VmiCore Readme for additional information, including how to build and use this project.
To allow for easy extension, SmartVMI provides a plugin interface. For information about writing your own plugin, see the Plugins Readme. Plugins that are already implemented, and which also serve as examples of how to use this project, are in the plugins folder. For additional information, see the corresponding plugin readme:
- Template: Stripped-down plugin to take your first steps with plugin development.
- InMemoryScanner
- ApiTracing
The project “Synthesizing ML training data in the IT security domain for VMI-based attack detection and analysis” (SmartVMI) is a research project funded by the BMBF and DLR. See www.smartvmi.org for more information.