{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-11494216","patent":{"patent_number":"US-11494216","title":"Behavior-based VM resource capture for forensics","assignee":null,"inventors":[],"filing_date":"2019-08-16T00:00:00.000Z","publication_date":"2022-11-08T00:00:00.000Z","cpc_codes":["G06F","G06F","G06F","G06F","G06F","G06F","G06F","G06F","G06F","G06F","G06F","G06F","G06F","G06F"],"num_claims":24,"abstract":"A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Behavior-based VM resource capture for forensics","description":"A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The meth","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-11494216","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. Patent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-11494216","citation_suggestion":"Patentable. \"Behavior-based VM resource capture for forensics\" (US-11494216). https://patentable.app/patents/US-11494216","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-11494216","json":"https://patentable.app/api/llm-context/US-11494216","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-31T13:43:20.035Z"}